firesunCN/BlueLotus_XSSReceiver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Version 3.3.0

Browse Source 
添加安装脚本install.php
This commit is contained in:
firesun
2016-01-28 02:19:09 +08:00
parent ba12756105
commit 03a2e79acf
18 changed files with 2116 additions and 1334 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
admin.php
View File

@@ -1,5 +1,5 @@
<?php
define("IN_XSS_PLATFORM",true);
define("IN_XSS_PLATFORM", true);
require("auth.php");
?>
<!DOCTYPE html>

496
aes.php
View File

@@ -1,6 +1,6 @@
<?php
if(!defined('IN_XSS_PLATFORM')) {
exit('Access Denied');
if (!defined('IN_XSS_PLATFORM')) {
exit('Access Denied');
}
/*Aes.php
@@ -22,71 +22,90 @@ if(!defined('IN_XSS_PLATFORM')) {
* generated from the cipher key by KeyExpansion()
* @return ciphertext as byte-array (16 bytes)
*/
function Cipher($input, $w) { // main Cipher function [§5.1]
$Nb = 4; // block size (in words): no of columns in state (fixed at 4 for AES)
$Nr = count($w)/$Nb - 1; // no of rounds: 10/12/14 for 128/192/256-bit keys
$state = array(); // initialise 4xNb byte-array 'state' with input [§3.4]
for ($i=0; $i<4*$Nb; $i++) $state[$i%4][floor($i/4)] = $input[$i];
$state = AddRoundKey($state, $w, 0, $Nb);
for ($round=1; $round<$Nr; $round++) { // apply Nr rounds
function Cipher($input, $w) // main Cipher function [§5.1]
{
$Nb = 4; // block size (in words): no of columns in state (fixed at 4 for AES)
$Nr = count($w) / $Nb - 1; // no of rounds: 10/12/14 for 128/192/256-bit keys
$state = array(); // initialise 4xNb byte-array 'state' with input [§3.4]
for ($i = 0; $i < 4 * $Nb; $i++)
$state[$i % 4][floor($i / 4)] = $input[$i];
$state = AddRoundKey($state, $w, 0, $Nb);
for ($round = 1; $round < $Nr; $round++) { // apply Nr rounds
$state = SubBytes($state, $Nb);
$state = ShiftRows($state, $Nb);
$state = MixColumns($state, $Nb);
$state = AddRoundKey($state, $w, $round, $Nb);
}
$state = SubBytes($state, $Nb);
$state = ShiftRows($state, $Nb);
$state = MixColumns($state, $Nb);
$state = AddRoundKey($state, $w, $round, $Nb);
}
$state = SubBytes($state, $Nb);
$state = ShiftRows($state, $Nb);
$state = AddRoundKey($state, $w, $Nr, $Nb);
$output = array(4*$Nb); // convert state to 1-d array before returning [§3.4]
for ($i=0; $i<4*$Nb; $i++) $output[$i] = $state[$i%4][floor($i/4)];
return $output;
$state = AddRoundKey($state, $w, $Nr, $Nb);
$output = array(
4 * $Nb
); // convert state to 1-d array before returning [§3.4]
for ($i = 0; $i < 4 * $Nb; $i++)
$output[$i] = $state[$i % 4][floor($i / 4)];
return $output;
}
function AddRoundKey($state, $w, $rnd, $Nb) { // xor Round Key into state S [§5.1.4]
for ($r=0; $r<4; $r++) {
for ($c=0; $c<$Nb; $c++) $state[$r][$c] ^= $w[$rnd*4+$c][$r];
}
return $state;
}
function SubBytes($s, $Nb) { // apply SBox to state S [§5.1.1]
global $Sbox; // PHP needs explicit declaration to access global variables!
for ($r=0; $r<4; $r++) {
for ($c=0; $c<$Nb; $c++) $s[$r][$c] = $Sbox[$s[$r][$c]];
}
return $s;
}
function ShiftRows($s, $Nb) { // shift row r of state S left by r bytes [§5.1.2]
$t = array(4);
for ($r=1; $r<4; $r++) {
for ($c=0; $c<4; $c++) $t[$c] = $s[$r][($c+$r)%$Nb]; // shift into temp copy
for ($c=0; $c<4; $c++) $s[$r][$c] = $t[$c]; // and copy back
} // note that this will work for Nb=4,5,6, but not 7,8 (always 4 for AES):
return $s; // see fp.gladman.plus.com/cryptography_technology/rijndael/aes.spec.311.pdf
}
function MixColumns($s, $Nb) { // combine bytes of each col of state S [§5.1.3]
for ($c=0; $c<4; $c++) {
$a = array(4); // 'a' is a copy of the current column from 's'
$b = array(4); // 'b' is a•{02} in GF(2^8)
for ($i=0; $i<4; $i++) {
$a[$i] = $s[$i][$c];
$b[$i] = $s[$i][$c]&0x80 ? $s[$i][$c]<<1 ^ 0x011b : $s[$i][$c]<<1;
function AddRoundKey($state, $w, $rnd, $Nb) // xor Round Key into state S [§5.1.4]
{
for ($r = 0; $r < 4; $r++) {
for ($c = 0; $c < $Nb; $c++)
$state[$r][$c] ^= $w[$rnd * 4 + $c][$r];
}
// a[n] ^ b[n] is a•{03} in GF(2^8)
$s[0][$c] = $b[0] ^ $a[1] ^ $b[1] ^ $a[2] ^ $a[3]; // 2*a0 + 3*a1 + a2 + a3
$s[1][$c] = $a[0] ^ $b[1] ^ $a[2] ^ $b[2] ^ $a[3]; // a0 * 2*a1 + 3*a2 + a3
$s[2][$c] = $a[0] ^ $a[1] ^ $b[2] ^ $a[3] ^ $b[3]; // a0 + a1 + 2*a2 + 3*a3
$s[3][$c] = $a[0] ^ $b[0] ^ $a[1] ^ $a[2] ^ $b[3]; // 3*a0 + a1 + a2 + 2*a3
}
return $s;
return $state;
}
function SubBytes($s, $Nb) // apply SBox to state S [§5.1.1]
{
global $Sbox; // PHP needs explicit declaration to access global variables!
for ($r = 0; $r < 4; $r++) {
for ($c = 0; $c < $Nb; $c++)
$s[$r][$c] = $Sbox[$s[$r][$c]];
}
return $s;
}
function ShiftRows($s, $Nb) // shift row r of state S left by r bytes [§5.1.2]
{
$t = array(
4
);
for ($r = 1; $r < 4; $r++) {
for ($c = 0; $c < 4; $c++)
$t[$c] = $s[$r][($c + $r) % $Nb]; // shift into temp copy
for ($c = 0; $c < 4; $c++)
$s[$r][$c] = $t[$c]; // and copy back
} // note that this will work for Nb=4,5,6, but not 7,8 (always 4 for AES):
return $s; // see fp.gladman.plus.com/cryptography_technology/rijndael/aes.spec.311.pdf
}
function MixColumns($s, $Nb) // combine bytes of each col of state S [§5.1.3]
{
for ($c = 0; $c < 4; $c++) {
$a = array(
4
); // 'a' is a copy of the current column from 's'
$b = array(
4
); // 'b' is a?{02} in GF(2^8)
for ($i = 0; $i < 4; $i++) {
$a[$i] = $s[$i][$c];
$b[$i] = $s[$i][$c] & 0x80 ? $s[$i][$c] << 1 ^ 0x011b : $s[$i][$c] << 1;
}
// a[n] ^ b[n] is a?{03} in GF(2^8)
$s[0][$c] = $b[0] ^ $a[1] ^ $b[1] ^ $a[2] ^ $a[3]; // 2*a0 + 3*a1 + a2 + a3
$s[1][$c] = $a[0] ^ $b[1] ^ $a[2] ^ $b[2] ^ $a[3]; // a0 * 2*a1 + 3*a2 + a3
$s[2][$c] = $a[0] ^ $a[1] ^ $b[2] ^ $a[3] ^ $b[3]; // a0 + a1 + 2*a2 + 3*a3
$s[3][$c] = $a[0] ^ $b[0] ^ $a[1] ^ $a[2] ^ $b[3]; // 3*a0 + a1 + a2 + 2*a3
}
return $s;
}
/**
@@ -96,63 +115,76 @@ function MixColumns($s, $Nb) { // combine bytes of each col of state S [§5.1.
* @param key cipher key byte-array (16 bytes)
* @return key schedule as 2D byte-array (Nr+1 x Nb bytes)
*/
function KeyExpansion($key) { // generate Key Schedule from Cipher Key [§5.2]
global $Rcon; // PHP needs explicit declaration to access global variables!
$Nb = 4; // block size (in words): no of columns in state (fixed at 4 for AES)
$Nk = count($key)/4; // key length (in words): 4/6/8 for 128/192/256-bit keys
$Nr = $Nk + 6; // no of rounds: 10/12/14 for 128/192/256-bit keys
$w = array();
$temp = array();
for ($i=0; $i<$Nk; $i++) {
$r = array($key[4*$i], $key[4*$i+1], $key[4*$i+2], $key[4*$i+3]);
$w[$i] = $r;
}
for ($i=$Nk; $i<($Nb*($Nr+1)); $i++) {
$w[$i] = array();
for ($t=0; $t<4; $t++) $temp[$t] = $w[$i-1][$t];
if ($i % $Nk == 0) {
$temp = SubWord(RotWord($temp));
for ($t=0; $t<4; $t++) $temp[$t] ^= $Rcon[$i/$Nk][$t];
} else if ($Nk > 6 && $i%$Nk == 4) {
$temp = SubWord($temp);
function KeyExpansion($key) // generate Key Schedule from Cipher Key [§5.2]
{
global $Rcon; // PHP needs explicit declaration to access global variables!
$Nb = 4; // block size (in words): no of columns in state (fixed at 4 for AES)
$Nk = count($key) / 4; // key length (in words): 4/6/8 for 128/192/256-bit keys
$Nr = $Nk + 6; // no of rounds: 10/12/14 for 128/192/256-bit keys
$w = array();
$temp = array();
for ($i = 0; $i < $Nk; $i++) {
$r = array(
$key[4 * $i],
$key[4 * $i + 1],
$key[4 * $i + 2],
$key[4 * $i + 3]
);
$w[$i] = $r;
}
for ($t=0; $t<4; $t++) $w[$i][$t] = $w[$i-$Nk][$t] ^ $temp[$t];
}
return $w;
for ($i = $Nk; $i < ($Nb * ($Nr + 1)); $i++) {
$w[$i] = array();
for ($t = 0; $t < 4; $t++)
$temp[$t] = $w[$i - 1][$t];
if ($i % $Nk == 0) {
$temp = SubWord(RotWord($temp));
for ($t = 0; $t < 4; $t++)
$temp[$t] ^= $Rcon[$i / $Nk][$t];
} else if ($Nk > 6 && $i % $Nk == 4) {
$temp = SubWord($temp);
}
for ($t = 0; $t < 4; $t++)
$w[$i][$t] = $w[$i - $Nk][$t] ^ $temp[$t];
}
return $w;
}
function SubWord($w) { // apply SBox to 4-byte word w
global $Sbox; // PHP needs explicit declaration to access global variables!
for ($i=0; $i<4; $i++) $w[$i] = $Sbox[$w[$i]];
return $w;
function SubWord($w) // apply SBox to 4-byte word w
{
global $Sbox; // PHP needs explicit declaration to access global variables!
for ($i = 0; $i < 4; $i++)
$w[$i] = $Sbox[$w[$i]];
return $w;
}
function RotWord($w) { // rotate 4-byte word w left by one byte
$w[4] = $w[0];
for ($i=0; $i<4; $i++) $w[$i] = $w[$i+1];
return $w;
function RotWord($w) // rotate 4-byte word w left by one byte
{
$w[4] = $w[0];
for ($i = 0; $i < 4; $i++)
$w[$i] = $w[$i + 1];
return $w;
}
// Sbox is pre-computed multiplicative inverse in GF(2^8) used in SubBytes and KeyExpansion [§5.1.1]
$Sbox = array(0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5,0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76,
0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0,0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0,
0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc,0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15,
0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a,0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75,
0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0,0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84,
0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b,0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf,
0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85,0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8,
0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5,0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2,
0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17,0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73,
0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88,0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb,
0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c,0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79,
0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9,0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08,
0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6,0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a,
0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e,0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e,
0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94,0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf,
0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68,0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16);
$Sbox = array(0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5,0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76,
0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0,0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0,
0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc,0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15,
0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a,0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75,
0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0,0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84,
0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b,0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf,
0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85,0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8,
0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5,0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2,
0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17,0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73,
0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88,0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb,
0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c,0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79,
0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9,0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08,
0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6,0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a,
0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e,0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e,
0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94,0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf,
0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68,0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16);
// Rcon is Round Constant used for the Key Expansion [1st col is 2^(r-1) in GF(2^8)] [§5.2]
$Rcon = array( array(0x00, 0x00, 0x00, 0x00),
@@ -165,7 +197,7 @@ $Rcon = array( array(0x00, 0x00, 0x00, 0x00),
array(0x40, 0x00, 0x00, 0x00),
array(0x80, 0x00, 0x00, 0x00),
array(0x1b, 0x00, 0x00, 0x00),
array(0x36, 0x00, 0x00, 0x00) );
array(0x36, 0x00, 0x00, 0x00) );
/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
@@ -181,61 +213,69 @@ $Rcon = array( array(0x00, 0x00, 0x00, 0x00),
* @param nBits number of bits to be used in the key (128, 192, or 256)
* @return encrypted text
*/
function AESEncryptCtr($plaintext, $password="blue-lotus", $nBits=128) {
$blockSize = 16; // block size fixed at 16 bytes / 128 bits (Nb=4) for AES
if (!($nBits==128 || $nBits==192 || $nBits==256)) return ''; // standard allows 128/192/256 bit keys
// note PHP (5) gives us plaintext and password in UTF8 encoding!
// use AES itself to encrypt password to get cipher key (using plain password as source for key
// expansion) - gives us well encrypted key
$nBytes = $nBits/8; // no bytes in key
$pwBytes = array();
for ($i=0; $i<$nBytes; $i++) $pwBytes[$i] = ord(substr($password,$i,1)) & 0xff;
$key = Cipher($pwBytes, KeyExpansion($pwBytes));
$key = array_merge($key, array_slice($key, 0, $nBytes-16)); // expand key to 16/24/32 bytes long
// initialise counter block (NIST SP800-38A §B.2): millisecond time-stamp for nonce in
// 1st 8 bytes, block counter in 2nd 8 bytes
$counterBlock = array();
$nonce = floor(microtime(true)*1000); // timestamp: milliseconds since 1-Jan-1970
$nonceSec = floor($nonce/1000);
$nonceMs = $nonce%1000;
// encode nonce with seconds in 1st 4 bytes, and (repeated) ms part filling 2nd 4 bytes
for ($i=0; $i<4; $i++) $counterBlock[$i] = urs($nonceSec, $i*8) & 0xff;
for ($i=0; $i<4; $i++) $counterBlock[$i+4] = $nonceMs & 0xff;
// and convert it to a string to go on the front of the ciphertext
$ctrTxt = '';
for ($i=0; $i<8; $i++) $ctrTxt .= chr($counterBlock[$i]);
// generate key schedule - an expansion of the key into distinct Key Rounds for each round
$keySchedule = KeyExpansion($key);
$blockCount = ceil(strlen($plaintext)/$blockSize);
$ciphertxt = array(); // ciphertext as array of strings
for ($b=0; $b<$blockCount; $b++) {
// set counter (block #) in last 8 bytes of counter block (leaving nonce in 1st 8 bytes)
// done in two stages for 32-bit ops: using two words allows us to go past 2^32 blocks (68GB)
for ($c=0; $c<4; $c++) $counterBlock[15-$c] = urs($b, $c*8) & 0xff;
for ($c=0; $c<4; $c++) $counterBlock[15-$c-4] = urs($b/0x100000000, $c*8);
$cipherCntr = Cipher($counterBlock, $keySchedule); // -- encrypt counter block --
// block size is reduced on final block
$blockLength = $b<$blockCount-1 ? $blockSize : (strlen($plaintext)-1)%$blockSize+1;
$cipherByte = array();
function AESEncryptCtr($plaintext, $password = "blue-lotus", $nBits = 128)
{
$blockSize = 16; // block size fixed at 16 bytes / 128 bits (Nb=4) for AES
if (!($nBits == 128 || $nBits == 192 || $nBits == 256))
return ''; // standard allows 128/192/256 bit keys
// note PHP (5) gives us plaintext and password in UTF8 encoding!
for ($i=0; $i<$blockLength; $i++) { // -- xor plaintext with ciphered counter byte-by-byte --
$cipherByte[$i] = $cipherCntr[$i] ^ ord(substr($plaintext, $b*$blockSize+$i, 1));
$cipherByte[$i] = chr($cipherByte[$i]);
// use AES itself to encrypt password to get cipher key (using plain password as source for key
// expansion) - gives us well encrypted key
$nBytes = $nBits / 8; // no bytes in key
$pwBytes = array();
for ($i = 0; $i < $nBytes; $i++)
$pwBytes[$i] = ord(substr($password, $i, 1)) & 0xff;
$key = Cipher($pwBytes, KeyExpansion($pwBytes));
$key = array_merge($key, array_slice($key, 0, $nBytes - 16)); // expand key to 16/24/32 bytes long
// initialise counter block (NIST SP800-38A §B.2): millisecond time-stamp for nonce in
// 1st 8 bytes, block counter in 2nd 8 bytes
$counterBlock = array();
$nonce = floor(microtime(true) * 1000); // timestamp: milliseconds since 1-Jan-1970
$nonceSec = floor($nonce / 1000);
$nonceMs = $nonce % 1000;
// encode nonce with seconds in 1st 4 bytes, and (repeated) ms part filling 2nd 4 bytes
for ($i = 0; $i < 4; $i++)
$counterBlock[$i] = urs($nonceSec, $i * 8) & 0xff;
for ($i = 0; $i < 4; $i++)
$counterBlock[$i + 4] = $nonceMs & 0xff;
// and convert it to a string to go on the front of the ciphertext
$ctrTxt = '';
for ($i = 0; $i < 8; $i++)
$ctrTxt .= chr($counterBlock[$i]);
// generate key schedule - an expansion of the key into distinct Key Rounds for each round
$keySchedule = KeyExpansion($key);
$blockCount = ceil(strlen($plaintext) / $blockSize);
$ciphertxt = array(); // ciphertext as array of strings
for ($b = 0; $b < $blockCount; $b++) {
// set counter (block #) in last 8 bytes of counter block (leaving nonce in 1st 8 bytes)
// done in two stages for 32-bit ops: using two words allows us to go past 2^32 blocks (68GB)
for ($c = 0; $c < 4; $c++)
$counterBlock[15 - $c] = urs($b, $c * 8) & 0xff;
for ($c = 0; $c < 4; $c++)
$counterBlock[15 - $c - 4] = urs($b / 0x100000000, $c * 8);
$cipherCntr = Cipher($counterBlock, $keySchedule); // -- encrypt counter block --
// block size is reduced on final block
$blockLength = $b < $blockCount - 1 ? $blockSize : (strlen($plaintext) - 1) % $blockSize + 1;
$cipherByte = array();
for ($i = 0; $i < $blockLength; $i++) { // -- xor plaintext with ciphered counter byte-by-byte --
$cipherByte[$i] = $cipherCntr[$i] ^ ord(substr($plaintext, $b * $blockSize + $i, 1));
$cipherByte[$i] = chr($cipherByte[$i]);
}
$ciphertxt[$b] = implode('', $cipherByte); // escape troublesome characters in ciphertext
}
$ciphertxt[$b] = implode('', $cipherByte); // escape troublesome characters in ciphertext
}
// implode is more efficient than repeated string concatenation
$ciphertext = $ctrTxt . implode('', $ciphertxt);
$ciphertext = base64_encode($ciphertext);
return $ciphertext;
// implode is more efficient than repeated string concatenation
$ciphertext = $ctrTxt . implode('', $ciphertxt);
$ciphertext = base64_encode($ciphertext);
return $ciphertext;
}
@@ -247,56 +287,63 @@ function AESEncryptCtr($plaintext, $password="blue-lotus", $nBits=128) {
* @param nBits number of bits to be used in the key (128, 192, or 256)
* @return decrypted text
*/
function AESDecryptCtr($ciphertext, $password="blue-lotus", $nBits=128) {
$blockSize = 16; // block size fixed at 16 bytes / 128 bits (Nb=4) for AES
if (!($nBits==128 || $nBits==192 || $nBits==256)) return ''; // standard allows 128/192/256 bit keys
$ciphertext = base64_decode($ciphertext);
// use AES to encrypt password (mirroring encrypt routine)
$nBytes = $nBits/8; // no bytes in key
$pwBytes = array();
for ($i=0; $i<$nBytes; $i++) $pwBytes[$i] = ord(substr($password,$i,1)) & 0xff;
$key = Cipher($pwBytes, KeyExpansion($pwBytes));
$key = array_merge($key, array_slice($key, 0, $nBytes-16)); // expand key to 16/24/32 bytes long
// recover nonce from 1st element of ciphertext
$counterBlock = array();
$ctrTxt = substr($ciphertext, 0, 8);
for ($i=0; $i<8; $i++) $counterBlock[$i] = ord(substr($ctrTxt,$i,1));
// generate key schedule
$keySchedule = KeyExpansion($key);
// separate ciphertext into blocks (skipping past initial 8 bytes)
$nBlocks = ceil((strlen($ciphertext)-8) / $blockSize);
$ct = array();
for ($b=0; $b<$nBlocks; $b++) $ct[$b] = substr($ciphertext, 8+$b*$blockSize, 16);
$ciphertext = $ct; // ciphertext is now array of block-length strings
// plaintext will get generated block-by-block into array of block-length strings
$plaintxt = array();
for ($b=0; $b<$nBlocks; $b++) {
// set counter (block #) in last 8 bytes of counter block (leaving nonce in 1st 8 bytes)
for ($c=0; $c<4; $c++) $counterBlock[15-$c] = urs($b, $c*8) & 0xff;
for ($c=0; $c<4; $c++) $counterBlock[15-$c-4] = urs(($b+1)/0x100000000-1, $c*8) & 0xff;
$cipherCntr = Cipher($counterBlock, $keySchedule); // encrypt counter block
$plaintxtByte = array();
for ($i=0; $i<strlen($ciphertext[$b]); $i++) {
// -- xor plaintext with ciphered counter byte-by-byte --
$plaintxtByte[$i] = $cipherCntr[$i] ^ ord(substr($ciphertext[$b],$i,1));
$plaintxtByte[$i] = chr($plaintxtByte[$i]);
function AESDecryptCtr($ciphertext, $password = "blue-lotus", $nBits = 128)
{
$blockSize = 16; // block size fixed at 16 bytes / 128 bits (Nb=4) for AES
if (!($nBits == 128 || $nBits == 192 || $nBits == 256))
return ''; // standard allows 128/192/256 bit keys
$ciphertext = base64_decode($ciphertext);
// use AES to encrypt password (mirroring encrypt routine)
$nBytes = $nBits / 8; // no bytes in key
$pwBytes = array();
for ($i = 0; $i < $nBytes; $i++)
$pwBytes[$i] = ord(substr($password, $i, 1)) & 0xff;
$key = Cipher($pwBytes, KeyExpansion($pwBytes));
$key = array_merge($key, array_slice($key, 0, $nBytes - 16)); // expand key to 16/24/32 bytes long
// recover nonce from 1st element of ciphertext
$counterBlock = array();
$ctrTxt = substr($ciphertext, 0, 8);
for ($i = 0; $i < 8; $i++)
$counterBlock[$i] = ord(substr($ctrTxt, $i, 1));
// generate key schedule
$keySchedule = KeyExpansion($key);
// separate ciphertext into blocks (skipping past initial 8 bytes)
$nBlocks = ceil((strlen($ciphertext) - 8) / $blockSize);
$ct = array();
for ($b = 0; $b < $nBlocks; $b++)
$ct[$b] = substr($ciphertext, 8 + $b * $blockSize, 16);
$ciphertext = $ct; // ciphertext is now array of block-length strings
// plaintext will get generated block-by-block into array of block-length strings
$plaintxt = array();
for ($b = 0; $b < $nBlocks; $b++) {
// set counter (block #) in last 8 bytes of counter block (leaving nonce in 1st 8 bytes)
for ($c = 0; $c < 4; $c++)
$counterBlock[15 - $c] = urs($b, $c * 8) & 0xff;
for ($c = 0; $c < 4; $c++)
$counterBlock[15 - $c - 4] = urs(($b + 1) / 0x100000000 - 1, $c * 8) & 0xff;
$cipherCntr = Cipher($counterBlock, $keySchedule); // encrypt counter block
$plaintxtByte = array();
for ($i = 0; $i < strlen($ciphertext[$b]); $i++) {
// -- xor plaintext with ciphered counter byte-by-byte --
$plaintxtByte[$i] = $cipherCntr[$i] ^ ord(substr($ciphertext[$b], $i, 1));
$plaintxtByte[$i] = chr($plaintxtByte[$i]);
}
$plaintxt[$b] = implode('', $plaintxtByte);
}
$plaintxt[$b] = implode('', $plaintxtByte);
}
// join array of blocks into single plaintext string
$plaintext = implode('',$plaintxt);
return $plaintext;
// join array of blocks into single plaintext string
$plaintext = implode('', $plaintxt);
return $plaintext;
}
@@ -307,14 +354,15 @@ function AESDecryptCtr($ciphertext, $password="blue-lotus", $nBits=128) {
* @param b number of bits to shift a to the right (0..31)
* @return a right-shifted and zero-filled by b bits
*/
function urs($a, $b) {
$a &= 0xffffffff; $b &= 0x1f; // (bounds check)
if ($a&0x80000000 && $b>0) { // if left-most bit set
$a = ($a>>1) & 0x7fffffff; // right-shift one bit & clear left-most bit
$a = $a >> ($b-1); // remaining right-shifts
} else { // otherwise
$a = ($a>>$b); // use normal right-shift
}
return $a;
}
?>
function urs($a, $b)
{
$a &= 0xffffffff;
$b &= 0x1f; // (bounds check)
if ($a & 0x80000000 && $b > 0) { // if left-most bit set
$a = ($a >> 1) & 0x7fffffff; // right-shift one bit & clear left-most bit
$a = $a >> ($b - 1); // remaining right-shifts
} else { // otherwise
$a = ($a >> $b); // use normal right-shift
}
return $a;
}

501
api.php
View File

@@ -1,8 +1,8 @@
<?php
define("IN_XSS_PLATFORM",true);
require('auth.php');
define("IN_XSS_PLATFORM", true);
require_once('auth.php');
require_once("load.php");
require_once("functions.php");
require_once("config.php");
require_once("dio.php");
header('Content-Type: application/json');
@@ -11,274 +11,253 @@ define('ID_REGEX', '/^[0-9]{10}$/');
//合法文件名的正则表达式
define('FILE_REGEX', '/(?!((^(con)$)|^(con)\..*|(^(prn)$)|^(prn)\..*|(^(aux)$)|^(aux)\..*|(^(nul)$)|^(nul)\..*|(^(com)[1-9]$)|^(com)[1-9]\..*|(^(lpt)[1-9]$)|^(lpt)[1-9]\..*)|^\s+|.*\s$)(^[^\/\\\:\*\?\"\<\>\|]{1,255}$)/');
//与xss记录相关api
if(isset($_GET['cmd']))
{
switch($_GET['cmd'])
{
//获取所有记录包括详细信息
case 'list':
echo json_encode(xss_record_detail_list());
break;
//只获取时间戳索引id
case 'id_list':
echo json_encode(xss_record_id_list());
break;
//根据时间戳索引id获得单条信息
case 'get':
if(isset($_GET['id'])&&preg_match(ID_REGEX,$_GET['id']))
echo json_encode(load_xss_record($_GET['id']));
else
echo json_encode(false);
break;
//根据时间戳索引id删除单条信息
case 'del':
if(isset($_GET['id'])&&preg_match(ID_REGEX,$_GET['id']))
echo json_encode(delete_xss_record($_GET['id']));
else
echo json_encode(false);
break;
//清空记录
case 'clear':
echo json_encode(clear_xss_record());
break;
default:
echo json_encode(false);
}
if (isset($_GET['cmd'])) {
switch ($_GET['cmd']) {
//获取所有记录包括详细信息
case 'list':
echo json_encode(xss_record_detail_list());
break;
//只获取时间戳索引id
case 'id_list':
echo json_encode(xss_record_id_list());
break;
//根据时间戳索引id获得单条信息
case 'get':
if (isset($_GET['id']) && preg_match(ID_REGEX, $_GET['id']))
echo json_encode(load_xss_record($_GET['id']));
else
echo json_encode(false);
break;
//根据时间戳索引id删除单条信息
case 'del':
if (isset($_GET['id']) && preg_match(ID_REGEX, $_GET['id']))
echo json_encode(delete_xss_record($_GET['id']));
else
echo json_encode(false);
break;
//清空记录
case 'clear':
echo json_encode(clear_xss_record());
break;
default:
echo json_encode(false);
}
}
//与js模板相关api
else if(isset($_GET['js_template_cmd']))
{
switch($_GET['js_template_cmd'])
{
//获取所有js模板的名字与描述
case 'list':
echo json_encode(js_name_and_desc_list(JS_TEMPLATE_PATH));
break;
//添加js模板
case 'add':
if(isset($_POST['name'])&&isset($_POST['desc'])&&isset($_POST['content'])&&preg_match(FILE_REGEX,$_POST['name']))
{
if(!is_writable(JS_TEMPLATE_PATH))
echo json_encode(false);
else
{
save_js_desc(JS_TEMPLATE_PATH,$_POST['desc'],$_POST['name']);
save_js_content(JS_TEMPLATE_PATH,$_POST['content'],$_POST['name']);
echo json_encode(true);
}
}
else
echo json_encode(false);
break;
//修改js模板
case 'modify':
if(isset($_POST['old_name'])&&isset($_POST['name'])&&isset($_POST['desc'])&&isset($_POST['content'])&&preg_match(FILE_REGEX,$_POST['old_name'])&&preg_match(FILE_REGEX,$_POST['name']))
{
if(!is_writable(JS_TEMPLATE_PATH))
echo json_encode(false);
else
{
if($_POST['old_name']!=$_POST['name'])
delete_js(JS_TEMPLATE_PATH,$_POST['old_name']);
save_js_desc(JS_TEMPLATE_PATH,$_POST['desc'],$_POST['name']);
save_js_content(JS_TEMPLATE_PATH,$_POST['content'],$_POST['name']);
echo json_encode(true);
}
}
else
echo json_encode(false);
break;
//获取某一js模板的内容
case 'get':
if(isset($_GET['name'])&&preg_match(FILE_REGEX,$_GET['name']))
echo json_encode(load_js_content(JS_TEMPLATE_PATH,$_GET['name']));
else
echo json_encode(false);
break;
//删除js模板
case 'del':
if(isset($_GET['name'])&&preg_match(FILE_REGEX,$_GET['name']))
echo json_encode(delete_js(JS_TEMPLATE_PATH,$_GET['name']));
else
echo json_encode(false);
break;
//清空js模板
case 'clear':
echo json_encode(clear_js(JS_TEMPLATE_PATH));
break;
default:
echo json_encode(false);
}
else if (isset($_GET['js_template_cmd'])) {
switch ($_GET['js_template_cmd']) {
//获取所有js模板的名字与描述
case 'list':
echo json_encode(js_name_and_desc_list(JS_TEMPLATE_PATH));
break;
//添加js模板
case 'add':
if (isset($_POST['name']) && isset($_POST['desc']) && isset($_POST['content']) && preg_match(FILE_REGEX, $_POST['name'])) {
if (!is_writable(JS_TEMPLATE_PATH))
echo json_encode(false);
else {
save_js_desc(JS_TEMPLATE_PATH, $_POST['desc'], $_POST['name']);
save_js_content(JS_TEMPLATE_PATH, $_POST['content'], $_POST['name']);
echo json_encode(true);
}
} else
echo json_encode(false);
break;
//修改js模板
case 'modify':
if (isset($_POST['old_name']) && isset($_POST['name']) && isset($_POST['desc']) && isset($_POST['content']) && preg_match(FILE_REGEX, $_POST['old_name']) && preg_match(FILE_REGEX, $_POST['name'])) {
if (!is_writable(JS_TEMPLATE_PATH))
echo json_encode(false);
else {
if ($_POST['old_name'] != $_POST['name'])
delete_js(JS_TEMPLATE_PATH, $_POST['old_name']);
save_js_desc(JS_TEMPLATE_PATH, $_POST['desc'], $_POST['name']);
save_js_content(JS_TEMPLATE_PATH, $_POST['content'], $_POST['name']);
echo json_encode(true);
}
} else
echo json_encode(false);
break;
//获取某一js模板的内容
case 'get':
if (isset($_GET['name']) && preg_match(FILE_REGEX, $_GET['name']))
echo json_encode(load_js_content(JS_TEMPLATE_PATH, $_GET['name']));
else
echo json_encode(false);
break;
//删除js模板
case 'del':
if (isset($_GET['name']) && preg_match(FILE_REGEX, $_GET['name']))
echo json_encode(delete_js(JS_TEMPLATE_PATH, $_GET['name']));
else
echo json_encode(false);
break;
//清空js模板
case 'clear':
echo json_encode(clear_js(JS_TEMPLATE_PATH));
break;
default:
echo json_encode(false);
}
}
//与我的js相关api
else if(isset($_GET['my_js_cmd']))
else if (isset($_GET['my_js_cmd'])) {
switch ($_GET['my_js_cmd']) {
//获取所有我的js的名字与描述
case 'list':
echo json_encode(js_name_and_desc_list(MY_JS_PATH));
break;
//添加js模板
case 'add':
if (isset($_POST['name']) && isset($_POST['desc']) && isset($_POST['content']) && preg_match(FILE_REGEX, $_POST['name'])) {
if (!is_writable(MY_JS_PATH))
echo json_encode(false);
else {
save_js_desc(MY_JS_PATH, $_POST['desc'], $_POST['name']);
save_js_content(MY_JS_PATH, $_POST['content'], $_POST['name']);
echo json_encode(true);
}
} else
echo json_encode(false);
break;
//修改js模板
case 'modify':
if (isset($_POST['old_name']) && isset($_POST['name']) && isset($_POST['desc']) && isset($_POST['content']) && preg_match(FILE_REGEX, $_POST['old_name']) && preg_match(FILE_REGEX, $_POST['name'])) {
if (!is_writable(MY_JS_PATH))
echo json_encode(false);
else {
if ($_POST['old_name'] != $_POST['name'])
delete_js(MY_JS_PATH, $_POST['old_name']);
save_js_desc(MY_JS_PATH, $_POST['desc'], $_POST['name']);
save_js_content(MY_JS_PATH, $_POST['content'], $_POST['name']);
echo json_encode(true);
}
} else
echo json_encode(false);
break;
//获取某一js模板的内容
case 'get':
if (isset($_GET['name']) && preg_match(FILE_REGEX, $_GET['name']))
echo json_encode(load_js_content(MY_JS_PATH, $_GET['name']));
else
echo json_encode(false);
break;
//删除js模板
case 'del':
if (isset($_GET['name']) && preg_match(FILE_REGEX, $_GET['name']))
echo json_encode(delete_js(MY_JS_PATH, $_GET['name']));
else
echo json_encode(false);
break;
//清空js模板
case 'clear':
echo json_encode(clear_js(MY_JS_PATH));
break;
default:
echo json_encode(false);
}
} else
echo json_encode(false);
function xss_record_id_list()
{
switch($_GET['my_js_cmd'])
{
//获取所有我的js的名字与描述
case 'list':
echo json_encode(js_name_and_desc_list(MY_JS_PATH));
break;
//添加js模板
case 'add':
if(isset($_POST['name'])&&isset($_POST['desc'])&&isset($_POST['content'])&&preg_match(FILE_REGEX,$_POST['name']))
{
if(!is_writable(MY_JS_PATH))
echo json_encode(false);
else
{
save_js_desc(MY_JS_PATH,$_POST['desc'],$_POST['name']);
save_js_content(MY_JS_PATH,$_POST['content'],$_POST['name']);
echo json_encode(true);
}
}
else
echo json_encode(false);
break;
//修改js模板
case 'modify':
if(isset($_POST['old_name'])&&isset($_POST['name'])&&isset($_POST['desc'])&&isset($_POST['content'])&&preg_match(FILE_REGEX,$_POST['old_name'])&&preg_match(FILE_REGEX,$_POST['name']))
{
if(!is_writable(MY_JS_PATH))
echo json_encode(false);
else
{
if($_POST['old_name']!=$_POST['name'])
delete_js(MY_JS_PATH,$_POST['old_name']);
save_js_desc(MY_JS_PATH,$_POST['desc'],$_POST['name']);
save_js_content(MY_JS_PATH,$_POST['content'],$_POST['name']);
echo json_encode(true);
}
}
else
echo json_encode(false);
break;
//获取某一js模板的内容
case 'get':
if(isset($_GET['name'])&&preg_match(FILE_REGEX,$_GET['name']))
echo json_encode(load_js_content(MY_JS_PATH,$_GET['name']));
else
echo json_encode(false);
break;
//删除js模板
case 'del':
if(isset($_GET['name'])&&preg_match(FILE_REGEX,$_GET['name']))
echo json_encode(delete_js(MY_JS_PATH,$_GET['name']));
else
echo json_encode(false);
break;
//清空js模板
case 'clear':
echo json_encode(clear_js(MY_JS_PATH));
break;
default:
echo json_encode(false);
}
}
else
echo json_encode(false);
function xss_record_id_list() {
$files = glob(DATA_PATH . '/*.php');
$list=array();
foreach ($files as $file){
$filename=basename($file,".php");
if( preg_match(ID_REGEX, $filename) )
$list[]=$filename;
}
return $list;
$files = glob(DATA_PATH . '/*.php');
$list = array();
foreach ($files as $file) {
$filename = basename($file, ".php");
if (preg_match(ID_REGEX, $filename))
$list[] = $filename;
}
return $list;
}
function xss_record_detail_list() {
$list=array();
$files = glob(DATA_PATH . '/*.php');
arsort($files);
foreach ($files as $file) {
$filename=basename($file,".php");
if( preg_match(ID_REGEX, $filename) )
{
$info=load_xss_record($filename);
if($info===false)
continue;
$isChange=false;
//如果没有设置location就查询qqwry.dat判断location
if(!isset($info['location']))
{
$info['location']=stripStr( convertip($info['user_IP'],IPDATA_PATH) );
$isChange=true;
}
if($isChange)
save_xss_record(json_encode($info),$filename);
$list[]= $info;
}
}
return $list;
function xss_record_detail_list()
{
$list = array();
$files = glob(DATA_PATH . '/*.php');
arsort($files);
foreach ($files as $file) {
$filename = basename($file, ".php");
if (preg_match(ID_REGEX, $filename)) {
$info = load_xss_record($filename);
if ($info === false)
continue;
$isChange = false;
//如果没有设置location就查询qqwry.dat判断location
if (!isset($info['location'])) {
$info['location'] = stripStr(convertip($info['user_IP'], IPDATA_PATH));
$isChange = true;
}
if ($isChange)
save_xss_record(json_encode($info), $filename);
$list[] = $info;
}
}
return $list;
}
//获取js的名字与描述列表
function js_name_and_desc_list($path)
{
$list=array();
$files = glob($path . '/*.js');
arsort($files);
foreach ($files as $file){
//由于可能有中文名,故使用正则来提取文件名
$item=array();
$item['js_uri']=$file;
$filename=preg_replace('/^.+[\\\\\\/]/', '', $file);
$filename=substr ( $filename , 0 , strlen ($filename)-3 );
$item['js_name']=$filename;
$item['js_name_abbr']=stripStr($filename);
$result=@file_get_contents(dirname( __FILE__ ).'/'.$path.'/'.$filename.'.desc');
$result=$result?$result:"";
$result=decrypt($result);
if(json_encode($result)===false)
$result="加密密码不符,无法获得描述";
$item['js_description']=$result;
$item['js_description_abbr']=stripStr($result);
//特别注意只有js_name_abbrjs_description_abbr经过stripStr处理
$list[]= $item;
}
return $list;
}
?>
$list = array();
$files = glob($path . '/*.js');
arsort($files);
foreach ($files as $file) {
//由于可能有中文名,故使用正则来提取文件名
$item = array();
$item['js_uri'] = $file;
$filename = preg_replace('/^.+[\\\\\\/]/', '', $file);
$filename = substr($filename, 0, strlen($filename) - 3);
$item['js_name'] = $filename;
$item['js_name_abbr'] = stripStr($filename);
$result = @file_get_contents(dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc');
$result = $result ? $result : "";
$result = decrypt($result);
if (json_encode($result) === false)
$result = "加密密码不符,无法获得描述";
$item['js_description'] = $result;
$item['js_description_abbr'] = stripStr($result);
//特别注意只有js_name_abbrjs_description_abbr经过stripStr处理
$list[] = $item;
}
return $list;
}

27
auth.php
View File

@@ -1,27 +1,24 @@
<?php
if(!defined('IN_XSS_PLATFORM')) {
exit('Access Denied');
if (!defined('IN_XSS_PLATFORM')) {
exit('Access Denied');
}
//设置httponly
ini_set("session.cookie_httponly", 1);
ini_set("session.cookie_httponly", 1);
session_start();
//判断登陆情况ip和useragent是否改变改变则强制退出
if(!(isset($_SESSION['isLogin']) && $_SESSION['isLogin']===true && isset($_SESSION['user_IP']) &&$_SESSION['user_IP']!="" &&$_SESSION['user_IP']=== $_SERVER['REMOTE_ADDR'] &&isset($_SESSION['user_agent']) &&$_SESSION['user_agent']!="" &&$_SESSION['user_agent']=== $_SERVER['HTTP_USER_AGENT'] ))
{
$_SESSION['isLogin']=false;
$_SESSION['user_IP']="";
$_SESSION['user_agent']="";
session_unset();
session_destroy();
header("Location: login.php");
exit();
if (!(isset($_SESSION['isLogin']) && $_SESSION['isLogin'] === true && isset($_SESSION['user_IP']) && $_SESSION['user_IP'] != "" && $_SESSION['user_IP'] === $_SERVER['REMOTE_ADDR'] && isset($_SESSION['user_agent']) && $_SESSION['user_agent'] != "" && $_SESSION['user_agent'] === $_SERVER['HTTP_USER_AGENT'])) {
$_SESSION['isLogin'] = false;
$_SESSION['user_IP'] = "";
$_SESSION['user_agent'] = "";
session_unset();
session_destroy();
header("Location: login.php");
exit();
}
//开启CSP
header("Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-src 'none'");
header("X-Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-src 'none'");
header("X-WebKit-CSP: default-src 'self'; style-src 'self' 'unsafe-inline';img-src 'self' data:; frame-src 'none'");
?>
header("X-WebKit-CSP: default-src 'self'; style-src 'self' 'unsafe-inline';img-src 'self' data:; frame-src 'none'");

214
change_encrypt_pass.php
View File

@@ -12,7 +12,7 @@ exit();
* php change_encrypt_pass.php true bluelotus AES true bluelotus RC4
* php change_encrypt_pass.php true bluelotus AES false xxxx(任意值) AES
*/
/*
* 从旧版本升级的方法
* 1. php change_encrypt_pass.php update (以前是否加密true/false) (旧加密密码)
@@ -21,130 +21,122 @@ exit();
* 3. php change_encrypt_pass.php true bluelotus rc4 (现在是否加密) (新加密密码) (新加密方法)
* 4. 升级完成
*/
define("IN_XSS_PLATFORM",true);
define("IN_XSS_PLATFORM", true);
require_once("config.php");
if($argv[1]==="update")
update_from_old_version($argv[2],$argv[3]);
if ($argv[1] === "update")
update_from_old_version($argv[2], $argv[3]);
else
change_pass($argv[1],$argv[2],$argv[3],$argv[4],$argv[5],$argv[6]);
function update_from_old_version($old_enable_encrypt,$old_encrypt_pass){
//如果从旧版本升级就统一先切换为RC4密码bluelotus
modify_ForbiddenIPList($old_enable_encrypt,$old_encrypt_pass,"AES","true","bluelotus", "RC4");
modify_xss_record($old_enable_encrypt,$old_encrypt_pass,"AES","true","bluelotus","RC4");
}
function change_pass($old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type,$new_enable_encrypt,$new_encrypt_pass, $new_encrypt_type)
change_pass($argv[1], $argv[2], $argv[3], $argv[4], $argv[5], $argv[6]);
function update_from_old_version($old_encrypt_enable, $old_encrypt_pass)
{
modify_ForbiddenIPList($old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type,$new_enable_encrypt,$new_encrypt_pass, $new_encrypt_type);
modify_xss_record($old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type,$new_enable_encrypt,$new_encrypt_pass, $new_encrypt_type);
modify_js_desc(MY_JS_PATH,$old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type,$new_enable_encrypt,$new_encrypt_pass, $new_encrypt_type);
modify_js_desc(JS_TEMPLATE_PATH,$old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type,$new_enable_encrypt,$new_encrypt_pass, $new_encrypt_type);
//如果从旧版本升级就统一先切换为RC4密码bluelotus
modify_ForbiddenIPList($old_encrypt_enable, $old_encrypt_pass, "AES", "true", "bluelotus", "RC4");
modify_xss_record($old_encrypt_enable, $old_encrypt_pass, "AES", "true", "bluelotus", "RC4");
}
function change_pass($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type)
{
modify_ForbiddenIPList($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type);
modify_xss_record($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type);
modify_js_desc(MY_JS_PATH, $old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type);
modify_js_desc(JS_TEMPLATE_PATH, $old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type);
}
function modify_ForbiddenIPList($old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type,$new_enable_encrypt,$new_encrypt_pass, $new_encrypt_type)
function modify_ForbiddenIPList($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type)
{
$logfile = DATA_PATH . '/forbiddenIPList.dat';
$str = @file_get_contents( $logfile );
if($str===false)
return;
$str=decrypt($str,$old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type);
$str=encrypt($str, $new_enable_encrypt, $new_encrypt_pass, $new_encrypt_type);
if(@file_put_contents($logfile, $str))
echo "修改封禁ip成功\n";
else
echo "修改封禁ip失败可能是没有权限chmod 777\n";
$logfile = DATA_PATH . '/forbiddenIPList.dat';
$str = @file_get_contents($logfile);
if ($str === false)
return;
$str = decrypt($str, $old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type);
$str = encrypt($str, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type);
if (@file_put_contents($logfile, $str))
echo "修改封禁ip成功\n";
else
echo "修改封禁ip失败可能是没有权限chmod 777\n";
}
function modify_xss_record($old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type,$new_enable_encrypt,$new_encrypt_pass, $new_encrypt_type)
function modify_xss_record($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type)
{
$files = glob(DATA_PATH . '/*.php');
foreach ($files as $file) {
$filename=basename($file,".php");
if( preg_match("/^[0-9]{10}$/", $filename) )
{
$logFile = dirname( __FILE__ ).'/'.DATA_PATH.'/'.$filename.'.php';
$info=@file_get_contents($logFile);
if($info!==false && strncmp($info,'<?php exit();?>',15)===0)
{
$info=substr($info,15);
$info=decrypt($info,$old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type);
}
else
$info="";
$info=encrypt($info, $new_enable_encrypt, $new_encrypt_pass, $new_encrypt_type);
if(@file_put_contents($logFile, '<?php exit();?>'.$info))
echo "修改一条xss记录成功\n";
else
echo "修改一条xss记录失败可能是没有权限chmod 777\n";
}
}
}
function modify_js_desc($path,$old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type,$new_enable_encrypt,$new_encrypt_pass, $new_encrypt_type)
$files = glob(DATA_PATH . '/*.php');
foreach ($files as $file) {
$filename = basename($file, ".php");
if (preg_match("/^[0-9]{10}$/", $filename)) {
$logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php';
$info = @file_get_contents($logFile);
if ($info !== false && strncmp($info, '<?php exit();?>', 15) === 0) {
$info = substr($info, 15);
$info = decrypt($info, $old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type);
} else
$info = "";
$info = encrypt($info, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type);
if (@file_put_contents($logFile, '<?php exit();?>' . $info))
echo "修改一条xss记录成功\n";
else
echo "修改一条xss记录失败可能是没有权限chmod 777\n";
}
}
}
function modify_js_desc($path, $old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type)
{
$files = glob($path . '/*.js');
foreach ($files as $file){
//由于可能有中文名,故使用正则来提取文件名
$filename=preg_replace('/^.+[\\\\\\/]/', '', $file);
$filename=substr ( $filename , 0 , strlen ($filename)-3 );
$desc=@file_get_contents(dirname( __FILE__ ).'/'.$path.'/'.$filename.'.desc');
if($desc!==false)
$desc=decrypt($desc,$old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type);
else
$desc="";
$desc=encrypt($desc, $new_enable_encrypt, $new_encrypt_pass, $new_encrypt_type);
if(@file_put_contents(dirname( __FILE__ ).'/'.$path.'/'.$filename.'.desc', $desc))
echo "修改一条js描述成功\n";
else
echo "修改一条js描述失败可能是没有权限chmod 777\n";
}
$files = glob($path . '/*.js');
foreach ($files as $file) {
//由于可能有中文名,故使用正则来提取文件名
$filename = preg_replace('/^.+[\\\\\\/]/', '', $file);
$filename = substr($filename, 0, strlen($filename) - 3);
$desc = @file_get_contents(dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc');
if ($desc !== false)
$desc = decrypt($desc, $old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type);
else
$desc = "";
$desc = encrypt($desc, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type);
if (@file_put_contents(dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc', $desc))
echo "修改一条js描述成功\n";
else
echo "修改一条js描述失败可能是没有权限chmod 777\n";
}
}
function encrypt($info,$enable_encrypt,$encrypt_pass,$encrypt_type)
function encrypt($info, $encrypt_enable, $encrypt_pass, $encrypt_type)
{
if($enable_encrypt) {
if($encrypt_type==="AES") {
require_once("aes.php");
$info=AESEncryptCtr($info,$encrypt_pass);
}
else {
require_once("rc4.php");
$info=base64_encode( rc4($info,$encrypt_pass) );
}
}
else
$info=base64_encode($info);
return $info;
if ($encrypt_enable) {
if ($encrypt_type === "AES") {
require_once("aes.php");
$info = AESEncryptCtr($info, $encrypt_pass);
} else {
require_once("rc4.php");
$info = base64_encode(rc4($info, $encrypt_pass));
}
} else
$info = base64_encode($info);
return $info;
}
function decrypt($info,$enable_encrypt,$encrypt_pass,$encrypt_type)
function decrypt($info, $encrypt_enable, $encrypt_pass, $encrypt_type)
{
if($enable_encrypt) {
if($encrypt_type==="AES") {
require_once("aes.php");
$info=AESDecryptCtr($info,$encrypt_pass);
}
else {
require_once("rc4.php");
$info=rc4(base64_decode($info),$encrypt_pass);
}
}
else
$info=base64_decode($info);
return $info;
}
?>
if ($encrypt_enable) {
if ($encrypt_type === "AES") {
require_once("aes.php");
$info = AESDecryptCtr($info, $encrypt_pass);
} else {
require_once("rc4.php");
$info = rc4(base64_decode($info), $encrypt_pass);
}
} else
$info = base64_decode($info);
return $info;
}

25
config-sample.php Normal file
View File

@@ -0,0 +1,25 @@
<?php
if (!defined('IN_XSS_PLATFORM')) {
exit('Access Denied');
}
define("PASS", "2a05218c7aa0a6dbd370985d984627b8"); //后台登录密码默认密码bluelotus
define("DATA_PATH", "data"); //xss记录、封禁ip列表存放目录
define("JS_TEMPLATE_PATH", "template"); //js模板存放目录
define("MY_JS_PATH", "myjs"); //我的js存放目录
define("ENCRYPT_ENABLE", true); //是否加密“xss记录封禁ip列表js描述”
define("ENCRYPT_PASS", "bluelotus"); //加密密码
define("ENCRYPT_TYPE", "RC4"); //加密方法AES或RC4
define("KEEP_SESSION", true); //是否启用KEEP_SESSION功能需要外部定时访问keepsession.php
define("IPDATA_PATH", "qqwry.dat"); //ip归属地数据库地址
/*邮件通知相关配置*/
define("MAIL_ENABLE", false); //开启邮件通知
define("SMTP_SERVER", "smtp.xxx.com"); //smtp服务器
define("SMTP_PORT", 465); //端口
define("SMTP_SECURE", "ssl");
define("MAIL_USER", "xxx@xxx.com"); //发件人用户名
define("MAIL_PASS", "xxxxxx"); //发件人密码
define("MAIL_FROM", "xxx@xxx.com"); //发件人地址(需真实,不可伪造)
define("MAIL_RECV", "xxxx@xxxx.com"); //接收通知的邮件地址

27
config.php
View File

@@ -1,27 +0,0 @@
<?php
if(!defined('IN_XSS_PLATFORM')) {
exit('Access Denied');
}
define('PASS', '2a05218c7aa0a6dbd370985d984627b8');//后台登录密码默认密码bluelotus
define('DATA_PATH', 'data');//xss记录、封禁ip列表存放目录
define('JS_TEMPLATE_PATH', 'template');//js模板存放目录
define('MY_JS_PATH', 'myjs');//我的js存放目录
define('ENABLE_ENCRYPT', true);//是否加密“xss记录封禁ip列表js描述”
define('ENCRYPT_PASS', "bluelotus");//加密密码
define('ENCRYPT_TYPE', "RC4");//加密方法AES或RC4
define('KEEP_SESSION', true);//是否启用KEEP_SESSION功能需要外部定时访问keepsession.php
define('IPDATA_PATH', "qqwry.dat");//ip归属地数据库地址
/*邮件通知相关配置*/
define('MAIL_ENABLE', false);//开启邮件通知
define('SMTP_SERVER', "smtp.xxx.com");//smtp服务器
define('SMTP_PORT', 465);//端口
define('SMTP_SECURE', "ssl");
define('MAIL_USER', "xxx@xxx.com");//发件人用户名
define('MAIL_PASS', "xxxxxx");//发件人密码
define('MAIL_FROM', "xxx@xxx.com");//发件人地址(需真实,不可伪造)
define('MAIL_RECV', "xxxx@xxxx.com");//接收通知的邮件地址
?>

244
dio.php
View File

@@ -1,161 +1,149 @@
<?php
if(!defined('IN_XSS_PLATFORM')) {
exit('Access Denied');
if (!defined('IN_XSS_PLATFORM')) {
exit('Access Denied');
}
require_once("config.php");
require_once("load.php");
require_once("functions.php");
//对记录的读写操作无数据库采用读写文件的方式文件名即请求时的时间戳同时也是记录的id
function save_xss_record($info,$filename)
function save_xss_record($info, $filename)
{
$logFile = dirname( __FILE__ ).'/'.DATA_PATH.'/'.$filename.'.php';
!file_exists($logFile) && @touch($logFile);
$info=encrypt($info);
if(file_put_contents($logFile, '<?php exit();?>'.$info)===false)
return false;
else
return true;
$logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php';
!file_exists($logFile) && @touch($logFile);
$info = encrypt($info);
if (file_put_contents($logFile, '<?php exit();?>' . $info) === false)
return false;
else
return true;
}
function load_xss_record($filename)
{
if(strpos($filename, "..")===false && strpos($filename, "/")===false && strpos($filename, "\\")===false)
{
$logFile = dirname( __FILE__ ).'/'.DATA_PATH.'/'.$filename.'.php';
if(!file_exists($logFile))
return false;
$info=@file_get_contents($logFile);
if($info===false)
return false;
if(strncmp($info,'<?php exit();?>',15)!=0)
return false;
$info=substr($info,15);
$info=decrypt($info);
//只会出现在加密密码错误的时候
if(!preg_match('/^[A-Za-z0-9\x00-\x80~!@#$%&_+-=:";\'<>,\/"\[\]\\\^\.\|\?\*\+\(\)\{\}\s]+$/',$info))
return false;
$info=json_decode($info, true);
//只会出现在加密密码错误的时候
if($info===false)
return false;
$isChange=false;
if(!isset($info['location']))
{
$info['location']=stripStr(convertip($info['user_IP'],IPDATA_PATH));
$isChange=true;
}
//只会出现在加密密码错误的时候
if(!isset($info['request_time']))
{
return false;
}
if($isChange)
save_xss_record(json_encode($info),$filename);
return $info;
}
else
return false;
if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) {
$logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php';
if (!file_exists($logFile))
return false;
$info = @file_get_contents($logFile);
if ($info === false)
return false;
if (strncmp($info, '<?php exit();?>', 15) != 0)
return false;
$info = substr($info, 15);
$info = decrypt($info);
//只会出现在加密密码错误的时候
if (!preg_match('/^[A-Za-z0-9\x00-\x80~!@#$%&_+-=:";\'<>,\/"\[\]\\\^\.\|\?\*\+\(\)\{\}\s]+$/', $info))
return false;
$info = json_decode($info, true);
//只会出现在加密密码错误的时候
if ($info === false)
return false;
$isChange = false;
if (!isset($info['location'])) {
$info['location'] = stripStr(convertip($info['user_IP'], IPDATA_PATH));
$isChange = true;
}
//只会出现在加密密码错误的时候
if (!isset($info['request_time'])) {
return false;
}
if ($isChange)
save_xss_record(json_encode($info), $filename);
return $info;
} else
return false;
}
function delete_xss_record($filename)
{
if(strpos($filename, "..")===false && strpos($filename, "/")===false && strpos($filename, "\\")===false)
{
$logFile = dirname( __FILE__ ).'/'.DATA_PATH.'/'.$filename.'.php';
return unlink($logFile);
}
else
return false;
if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) {
$logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php';
return unlink($logFile);
} else
return false;
}
function clear_xss_record()
{
$files = glob(DATA_PATH . '/*.php');
foreach ($files as $file) {
unlink($file);
}
return true;
$files = glob(DATA_PATH . '/*.php');
foreach ($files as $file) {
unlink($file);
}
return true;
}
function load_js_content($path,$filename)
function load_js_content($path, $filename)
{
if(strpos($filename, "..")===false && strpos($filename, "/")===false && strpos($filename, "\\")===false)
{
$file = dirname( __FILE__ ).'/'.$path.'/'.$filename.'.js';
if(!file_exists($file))
return false;
$info=@file_get_contents($file);
if($info===false)
$info="";
return $info;
}
else
return false;
if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) {
$file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.js';
if (!file_exists($file))
return false;
$info = @file_get_contents($file);
if ($info === false)
$info = "";
return $info;
} else
return false;
}
function delete_js($path,$filename)
function delete_js($path, $filename)
{
if(strpos($filename, "..")===false && strpos($filename, "/")===false && strpos($filename, "\\")===false)
{
$file = dirname( __FILE__ ).'/'.$path.'/'.$filename.'.desc';
unlink($file);
$file = dirname( __FILE__ ).'/'.$path.'/'.$filename.'.js';
return unlink($file);
}
else
return false;
if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) {
$file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc';
unlink($file);
$file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.js';
return unlink($file);
} else
return false;
}
function clear_js($path)
{
$files = glob($path . '/*.desc');
foreach ($files as $file) {
unlink($file);
}
$files = glob($path . '/*.js');
foreach ($files as $file) {
unlink($file);
}
return true;
$files = glob($path . '/*.desc');
foreach ($files as $file) {
unlink($file);
}
$files = glob($path . '/*.js');
foreach ($files as $file) {
unlink($file);
}
return true;
}
function save_js_content($path,$content,$filename)
function save_js_content($path, $content, $filename)
{
$file = dirname( __FILE__ ).'/'.$path.'/'.$filename.'.js';
!file_exists($file) && @touch($file);
if(file_put_contents($file, $content)===false)
return false;
else
return true;
$file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.js';
!file_exists($file) && @touch($file);
if (file_put_contents($file, $content) === false)
return false;
else
return true;
}
function save_js_desc($path,$desc,$filename)
function save_js_desc($path, $desc, $filename)
{
$file = dirname( __FILE__ ).'/'.$path.'/'.$filename.'.desc';
!file_exists($file) && @touch($file);
$desc=encrypt($desc);
if(file_put_contents($file, $desc)===false)
return false;
else
return true;
}
?>
$file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc';
!file_exists($file) && @touch($file);
$desc = encrypt($desc);
if (file_put_contents($file, $desc) === false)
return false;
else
return true;
}

508
functions.php
View File

@@ -1,13 +1,14 @@
<?php
if(!defined('IN_XSS_PLATFORM')) {
exit('Access Denied');
if (!defined('IN_XSS_PLATFORM')) {
exit('Access Denied');
}
require_once("config.php");
require_once("load.php");
//nginx无getallheaders函数
if (!function_exists('getallheaders')) {
function getallheaders() {
function getallheaders()
{
foreach ($_SERVER as $name => $value) {
if (substr($name, 0, 5) == 'HTTP_') {
$headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
@@ -18,278 +19,275 @@ if (!function_exists('getallheaders')) {
}
//判断该记录是否
function isKeepSession($info){
$keepsession=false;
foreach($info['get_data'] as $k => $v) {
if($k==="keepsession")
{
$keepsession=($v==="1"?true:false);
return $keepsession;
}
}
foreach($info['post_data'] as $k => $v) {
if($k==="keepsession")
{
$keepsession=($v==="1"?true:false);
return $keepsession;
}
}
foreach($info['cookie_data'] as $k => $v) {
if($k==="keepsession")
{
$keepsession=($v==="1"?true:false);
return $keepsession;
}
}
return $keepsession;
function isKeepSession($info)
{
$keepsession = false;
foreach ($info['get_data'] as $k => $v) {
if ($k === "keepsession") {
$keepsession = ($v === "1" ? true : false);
return $keepsession;
}
}
foreach ($info['post_data'] as $k => $v) {
if ($k === "keepsession") {
$keepsession = ($v === "1" ? true : false);
return $keepsession;
}
}
foreach ($info['cookie_data'] as $k => $v) {
if ($k === "keepsession") {
$keepsession = ($v === "1" ? true : false);
return $keepsession;
}
}
return $keepsession;
}
//xss过滤
function stripStr($str){
if(get_magic_quotes_gpc())
$str=stripslashes($str);
return addslashes(htmlspecialchars($str,ENT_QUOTES,'UTF-8'));
function stripStr($str)
{
if (get_magic_quotes_gpc())
$str = stripslashes($str);
return addslashes(htmlspecialchars($str, ENT_QUOTES, 'UTF-8'));
}
function stripArr($arr){
$new_arr=array();
foreach($arr as $k => $v) {
$new_arr[stripStr($k)] = stripStr($v);
}
return $new_arr;
function stripArr($arr)
{
$new_arr = array();
foreach ($arr as $k => $v) {
$new_arr[stripStr($k)] = stripStr($v);
}
return $new_arr;
}
//尝试base64解码
function tryBase64Decode($arr)
function tryBase64Decode($arr)
{
if(isset($arr)&&count($arr)>0)
{
$isChanged=0;
$new_arr = array();
foreach($arr as $k => $v) {
$decoded_v="";
if(isBase64Formatted($v)) {
$decoded_v=base64_decode($v);
$isChanged=1;
}
$new_arr[$k]=$decoded_v;
}
if($isChanged)
return $new_arr;
else
return false;
}
else
return false;
if (isset($arr) && count($arr) > 0) {
$isChanged = 0;
$new_arr = array();
foreach ($arr as $k => $v) {
$decoded_v = "";
if (isBase64Formatted($v)) {
$decoded_v = base64_decode($v);
$isChanged = 1;
}
$new_arr[$k] = $decoded_v;
}
if ($isChanged)
return $new_arr;
else
return false;
} else
return false;
}
//判断string是否为base64编码判断方法解码后为可见字符串
function isBase64Formatted($str)
{
if(preg_match('/^[A-Za-z0-9+\/=]+$/',$str))
if ($str == base64_encode(base64_decode($str)))
if(preg_match('/^[A-Za-z0-9\x00-\x80~!@#$%&_+-=:";\'<>,\/"\[\]\\\^\.\|\?\*\+\(\)\{\}\s]+$/',base64_decode($str)))
return true;
if (preg_match('/^[A-Za-z0-9+\/=]+$/', $str))
if ($str == base64_encode(base64_decode($str)))
if (preg_match('/^[A-Za-z0-9\x00-\x80~!@#$%&_+-=:";\'<>,\/"\[\]\\\^\.\|\?\*\+\(\)\{\}\s]+$/', base64_decode($str)))
return true;
return false;
}
function encrypt($info)
function encrypt($info)
{
if(ENABLE_ENCRYPT) {
if(ENCRYPT_TYPE==="AES") {
require_once("aes.php");
$info=AESEncryptCtr($info,ENCRYPT_PASS);
}
else {
require_once("rc4.php");
$info=base64_encode( rc4($info,ENCRYPT_PASS) );
}
}
else
$info=base64_encode($info);
return $info;
if (ENCRYPT_ENABLE) {
if (ENCRYPT_TYPE === "AES") {
require_once("aes.php");
$info = AESEncryptCtr($info, ENCRYPT_PASS);
} else {
require_once("rc4.php");
$info = base64_encode(rc4($info, ENCRYPT_PASS));
}
} else
$info = base64_encode($info);
return $info;
}
function decrypt($info)
function decrypt($info)
{
if(ENABLE_ENCRYPT) {
if(ENCRYPT_TYPE==="AES") {
require_once("aes.php");
$info=AESDecryptCtr($info,ENCRYPT_PASS);
}
else {
require_once("rc4.php");
$info=rc4(base64_decode($info),ENCRYPT_PASS);
}
}
else
$info=base64_decode($info);
return $info;
if (ENCRYPT_ENABLE) {
if (ENCRYPT_TYPE === "AES") {
require_once("aes.php");
$info = AESDecryptCtr($info, ENCRYPT_PASS);
} else {
require_once("rc4.php");
$info = rc4(base64_decode($info), ENCRYPT_PASS);
}
} else
$info = base64_decode($info);
return $info;
}
//基于Discuz X3.1 function_misc.php
function convertip($ip, $ipdatafile) {
$ipaddr = '未知';
if(preg_match("/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/", $ip)) {
$iparray = explode('.', $ip);
if($iparray[0] == 10 || $iparray[0] == 127 || ($iparray[0] == 192 && $iparray[1] == 168) || ($iparray[0] == 172 && ($iparray[1] >= 16 && $iparray[1] <= 31))) {
$ipaddr = '局域网';
} elseif($iparray[0] > 255 || $iparray[1] > 255 || $iparray[2] > 255 || $iparray[3] > 255) {
$ipaddr = '错误ip';
} else {
if(@file_exists($ipdatafile)) {
if(!$fd = @fopen($ipdatafile, 'rb')) {
return 'ip库出错';
}
$ip = explode('.', $ip);
$ipNum = $ip[0] * 16777216 + $ip[1] * 65536 + $ip[2] * 256 + $ip[3];
if(!($DataBegin = fread($fd, 4)) || !($DataEnd = fread($fd, 4)) ) return;
@$ipbegin = implode('', unpack('L', $DataBegin));
if($ipbegin < 0) $ipbegin += pow(2, 32);
@$ipend = implode('', unpack('L', $DataEnd));
if($ipend < 0) $ipend += pow(2, 32);
$ipAllNum = ($ipend - $ipbegin) / 7 + 1;
$BeginNum = $ip2num = $ip1num = 0;
$ipAddr1 = $ipAddr2 = '';
$EndNum = $ipAllNum;
while($ip1num > $ipNum || $ip2num < $ipNum) {
$Middle= intval(($EndNum + $BeginNum) / 2);
fseek($fd, $ipbegin + 7 * $Middle);
$ipData1 = fread($fd, 4);
if(strlen($ipData1) < 4) {
fclose($fd);
return '系统错误';
}
$ip1num = implode('', unpack('L', $ipData1));
if($ip1num < 0) $ip1num += pow(2, 32);
if($ip1num > $ipNum) {
$EndNum = $Middle;
continue;
}
$DataSeek = fread($fd, 3);
if(strlen($DataSeek) < 3) {
fclose($fd);
return '系统错误';
}
$DataSeek = implode('', unpack('L', $DataSeek.chr(0)));
fseek($fd, $DataSeek);
$ipData2 = fread($fd, 4);
if(strlen($ipData2) < 4) {
fclose($fd);
return '系统错误';
}
$ip2num = implode('', unpack('L', $ipData2));
if($ip2num < 0) $ip2num += pow(2, 32);
if($ip2num < $ipNum) {
if($Middle == $BeginNum) {
fclose($fd);
return '未知';
}
$BeginNum = $Middle;
}
}
$ipFlag = fread($fd, 1);
if($ipFlag == chr(1)) {
$ipSeek = fread($fd, 3);
if(strlen($ipSeek) < 3) {
fclose($fd);
return '系统错误';
}
$ipSeek = implode('', unpack('L', $ipSeek.chr(0)));
fseek($fd, $ipSeek);
$ipFlag = fread($fd, 1);
}
if($ipFlag == chr(2)) {
$AddrSeek = fread($fd, 3);
if(strlen($AddrSeek) < 3) {
fclose($fd);
return '系统错误';
}
$ipFlag = fread($fd, 1);
if($ipFlag == chr(2)) {
$AddrSeek2 = fread($fd, 3);
if(strlen($AddrSeek2) < 3) {
fclose($fd);
return '系统错误';
}
$AddrSeek2 = implode('', unpack('L', $AddrSeek2.chr(0)));
fseek($fd, $AddrSeek2);
} else {
fseek($fd, -1, SEEK_CUR);
}
while(($char = fread($fd, 1)) != chr(0))
$ipAddr2 .= $char;
$AddrSeek = implode('', unpack('L', $AddrSeek.chr(0)));
fseek($fd, $AddrSeek);
while(($char = fread($fd, 1)) != chr(0))
$ipAddr1 .= $char;
} else {
fseek($fd, -1, SEEK_CUR);
while(($char = fread($fd, 1)) != chr(0))
$ipAddr1 .= $char;
$ipFlag = fread($fd, 1);
if($ipFlag == chr(2)) {
$AddrSeek2 = fread($fd, 3);
if(strlen($AddrSeek2) < 3) {
fclose($fd);
return '系统错误';
}
$AddrSeek2 = implode('', unpack('L', $AddrSeek2.chr(0)));
fseek($fd, $AddrSeek2);
} else {
fseek($fd, -1, SEEK_CUR);
}
while(($char = fread($fd, 1)) != chr(0))
$ipAddr2 .= $char;
}
fclose($fd);
$ipAddr1 = iconv("gb18030", "utf-8//IGNORE", $ipAddr1);
if($ipAddr2){
if(ord($ipAddr2{0}) == 2)
$ipAddr2 = "";
else
$ipAddr2 = iconv("gb18030", "utf-8//IGNORE", $ipAddr2);
}
if(preg_match('/http/i', $ipAddr2)) {
$ipAddr2 = '';
}
$ipaddr = $ipAddr1.$ipAddr2;
$ipaddr = preg_replace('/CZ88\.NET/is', '', $ipaddr);
$ipaddr = preg_replace('/^\s*/is', '', $ipaddr);
$ipaddr = preg_replace('/\s*$/is', '', $ipaddr);
if(preg_match('/http/i', $ipaddr) || $ipaddr == '') {
$ipaddr = '未知';
}
return htmlspecialchars($ipaddr,ENT_QUOTES,'UTF-8');
}
}
}
return $ipaddr;
}
?>
function convertip($ip, $ipdatafile)
{
$ipaddr = '未知';
if (preg_match("/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/", $ip)) {
$iparray = explode('.', $ip);
if ($iparray[0] == 10 || $iparray[0] == 127 || ($iparray[0] == 192 && $iparray[1] == 168) || ($iparray[0] == 172 && ($iparray[1] >= 16 && $iparray[1] <= 31))) {
$ipaddr = '局域网';
} elseif ($iparray[0] > 255 || $iparray[1] > 255 || $iparray[2] > 255 || $iparray[3] > 255) {
$ipaddr = '错误ip';
} else {
if (@file_exists($ipdatafile)) {
if (!$fd = @fopen($ipdatafile, 'rb')) {
return 'ip库出错';
}
$ip = explode('.', $ip);
$ipNum = $ip[0] * 16777216 + $ip[1] * 65536 + $ip[2] * 256 + $ip[3];
if (!($DataBegin = fread($fd, 4)) || !($DataEnd = fread($fd, 4)))
return;
@$ipbegin = implode('', unpack('L', $DataBegin));
if ($ipbegin < 0)
$ipbegin += pow(2, 32);
@$ipend = implode('', unpack('L', $DataEnd));
if ($ipend < 0)
$ipend += pow(2, 32);
$ipAllNum = ($ipend - $ipbegin) / 7 + 1;
$BeginNum = $ip2num = $ip1num = 0;
$ipAddr1 = $ipAddr2 = '';
$EndNum = $ipAllNum;
while ($ip1num > $ipNum || $ip2num < $ipNum) {
$Middle = intval(($EndNum + $BeginNum) / 2);
fseek($fd, $ipbegin + 7 * $Middle);
$ipData1 = fread($fd, 4);
if (strlen($ipData1) < 4) {
fclose($fd);
return '系统错误';
}
$ip1num = implode('', unpack('L', $ipData1));
if ($ip1num < 0)
$ip1num += pow(2, 32);
if ($ip1num > $ipNum) {
$EndNum = $Middle;
continue;
}
$DataSeek = fread($fd, 3);
if (strlen($DataSeek) < 3) {
fclose($fd);
return '系统错误';
}
$DataSeek = implode('', unpack('L', $DataSeek . chr(0)));
fseek($fd, $DataSeek);
$ipData2 = fread($fd, 4);
if (strlen($ipData2) < 4) {
fclose($fd);
return '系统错误';
}
$ip2num = implode('', unpack('L', $ipData2));
if ($ip2num < 0)
$ip2num += pow(2, 32);
if ($ip2num < $ipNum) {
if ($Middle == $BeginNum) {
fclose($fd);
return '未知';
}
$BeginNum = $Middle;
}
}
$ipFlag = fread($fd, 1);
if ($ipFlag == chr(1)) {
$ipSeek = fread($fd, 3);
if (strlen($ipSeek) < 3) {
fclose($fd);
return '系统错误';
}
$ipSeek = implode('', unpack('L', $ipSeek . chr(0)));
fseek($fd, $ipSeek);
$ipFlag = fread($fd, 1);
}
if ($ipFlag == chr(2)) {
$AddrSeek = fread($fd, 3);
if (strlen($AddrSeek) < 3) {
fclose($fd);
return '系统错误';
}
$ipFlag = fread($fd, 1);
if ($ipFlag == chr(2)) {
$AddrSeek2 = fread($fd, 3);
if (strlen($AddrSeek2) < 3) {
fclose($fd);
return '系统错误';
}
$AddrSeek2 = implode('', unpack('L', $AddrSeek2 . chr(0)));
fseek($fd, $AddrSeek2);
} else {
fseek($fd, -1, SEEK_CUR);
}
while (($char = fread($fd, 1)) != chr(0))
$ipAddr2 .= $char;
$AddrSeek = implode('', unpack('L', $AddrSeek . chr(0)));
fseek($fd, $AddrSeek);
while (($char = fread($fd, 1)) != chr(0))
$ipAddr1 .= $char;
} else {
fseek($fd, -1, SEEK_CUR);
while (($char = fread($fd, 1)) != chr(0))
$ipAddr1 .= $char;
$ipFlag = fread($fd, 1);
if ($ipFlag == chr(2)) {
$AddrSeek2 = fread($fd, 3);
if (strlen($AddrSeek2) < 3) {
fclose($fd);
return '系统错误';
}
$AddrSeek2 = implode('', unpack('L', $AddrSeek2 . chr(0)));
fseek($fd, $AddrSeek2);
} else {
fseek($fd, -1, SEEK_CUR);
}
while (($char = fread($fd, 1)) != chr(0))
$ipAddr2 .= $char;
}
fclose($fd);
$ipAddr1 = iconv("gb18030", "utf-8//IGNORE", $ipAddr1);
if ($ipAddr2) {
if (ord($ipAddr2{0}) == 2)
$ipAddr2 = "";
else
$ipAddr2 = iconv("gb18030", "utf-8//IGNORE", $ipAddr2);
}
if (preg_match('/http/i', $ipAddr2)) {
$ipAddr2 = '';
}
$ipaddr = $ipAddr1 . $ipAddr2;
$ipaddr = preg_replace('/CZ88\.NET/is', '', $ipaddr);
$ipaddr = preg_replace('/^\s*/is', '', $ipaddr);
$ipaddr = preg_replace('/\s*$/is', '', $ipaddr);
if (preg_match('/http/i', $ipaddr) || $ipaddr == '') {
$ipaddr = '未知';
}
return htmlspecialchars($ipaddr, ENT_QUOTES, 'UTF-8');
}
}
}
return $ipaddr;
}

73
index.php
View File

@@ -1,67 +1,66 @@
<?php
define("IN_XSS_PLATFORM",true);
define("IN_XSS_PLATFORM", true);
ignore_user_abort(true);
error_reporting(0);
//sometimes we only need "referfer".
/*
if(count($_GET)==0&&count($_POST)==0&&count($_COOKIE)==0)
exit();
exit();
*/
header("Access-Control-Allow-Origin:*");
header("Access-Control-Allow-Origin:*");
require_once("load.php");
require_once("functions.php");
require_once("dio.php");
require_once("config.php");
$info = array();
$user_IP = isset($_SERVER['REMOTE_ADDR'])?$_SERVER['REMOTE_ADDR']:"unknown";
$user_port = isset($_SERVER['REMOTE_PORT'])?$_SERVER['REMOTE_PORT']:"unknown";
$protocol = isset($_SERVER['SERVER_PROTOCOL'])?$_SERVER['SERVER_PROTOCOL']:"unknown";
$request_method = isset($_SERVER['REQUEST_METHOD'])?$_SERVER['REQUEST_METHOD']:"unknown";
$request_URI = isset($_SERVER['REQUEST_URI'])?$_SERVER['REQUEST_URI']:"unknown";
$request_time = isset($_SERVER['REQUEST_TIME'])?$_SERVER['REQUEST_TIME']:time();
$user_IP = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "unknown";
$user_port = isset($_SERVER['REMOTE_PORT']) ? $_SERVER['REMOTE_PORT'] : "unknown";
$protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : "unknown";
$request_method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : "unknown";
$request_URI = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : "unknown";
$request_time = isset($_SERVER['REQUEST_TIME']) ? $_SERVER['REQUEST_TIME'] : time();
$headers_data =getallheaders();
$headers_data = getallheaders();
//如果提交的数据有base64编码的就解码
$get_data=$_GET;
$decoded_get_data=tryBase64Decode($_GET);
$post_data=$_POST;
$decoded_post_data=tryBase64Decode($_POST);
$cookie_data=$_COOKIE;
$decoded_cookie_data=tryBase64Decode($_COOKIE);
$get_data = $_GET;
$decoded_get_data = tryBase64Decode($_GET);
$post_data = $_POST;
$decoded_post_data = tryBase64Decode($_POST);
$cookie_data = $_COOKIE;
$decoded_cookie_data = tryBase64Decode($_COOKIE);
//防xss过滤对array要同时处理key与value
$info['user_IP'] = stripStr($user_IP);
$info['user_port'] = stripStr($user_port);
$info['protocol'] = stripStr($protocol);
$info['user_IP'] = stripStr($user_IP);
$info['user_port'] = stripStr($user_port);
$info['protocol'] = stripStr($protocol);
$info['request_method'] = stripStr($request_method);
$info['request_URI'] = stripStr($request_URI);
$info['request_time'] = stripStr($request_time);
$info['headers_data'] = stripArr($headers_data);
$info['request_URI'] = stripStr($request_URI);
$info['request_time'] = stripStr($request_time);
$info['headers_data'] = stripArr($headers_data);
$info['get_data'] = stripArr($get_data);
if($decoded_get_data)
$info['decoded_get_data'] = stripArr($decoded_get_data);
if ($decoded_get_data)
$info['decoded_get_data'] = stripArr($decoded_get_data);
$info['post_data'] = stripArr($post_data);
if($decoded_post_data)
$info['decoded_post_data'] = stripArr($decoded_post_data);
if ($decoded_post_data)
$info['decoded_post_data'] = stripArr($decoded_post_data);
$info['cookie_data'] = stripArr($cookie_data);
if($decoded_cookie_data)
$info['decoded_cookie_data'] = stripArr($decoded_cookie_data);
if ($decoded_cookie_data)
$info['decoded_cookie_data'] = stripArr($decoded_cookie_data);
//判断是否keepsession判断标准get或者post或者cookie包含keepsession=1
$info['keepsession']=isKeepSession($info)?true:false;
$info['keepsession'] = isKeepSession($info) ? true : false;
save_xss_record(json_encode($info),$request_time);
save_xss_record(json_encode($info), $request_time);
//发送邮件通知
if(MAIL_ENABLE) {
require_once("mail.php");
send_mail($info);
}
?>
if (MAIL_ENABLE) {
require_once("mail.php");
@send_mail($info);
}

465
install.php Normal file
View File

@@ -0,0 +1,465 @@
<?php
define("IN_XSS_PLATFORM",true);
ignore_user_abort(true);
//检测是否已经安装
if ( file_exists('config.php') ) {
display_header();
@unlink($_SERVER['SCRIPT_FILENAME']);
die( '<h1>已安装</h1><p>请勿重复安装!</p><p class="step"><a href="login.php" class="button button-large">登录</a></p></body></html>' );
}
$step = isset( $_GET['step'] ) ? (int) $_GET['step'] : 0;
switch($step) {
case 0: // 显示说明
display_header();
?>
<form id="setup" method="post" action="?step=1">
<h1>欢迎</h1>
<p>欢迎使用本平台,安装开始前,请仔细阅读以下说明</p>
<p>手动安装方法将config-sample.php改名为config.php删除install.php即可。</p>
<h2>警告:</h2>
<p><b>本工具仅允许用于学习、研究场景,严禁用于任何非法用途!</b></p>
<p>人在做,天在看。善恶终有报,天道好轮回。不信抬头看,苍天饶过谁。</p>
<p class="step"><input name="submit" type="submit" value="安装" class="button button-large"></p>
</form>
<?php
break;
case 1: // 配置
display_header();
?>
<h1>配置</h1>
<p>请按照下面提示配置xss平台默认配置可直接下一步</p>
<?php
display_setup_form();
break;
case 2: // 写入config.php
display_header();
//输入处理使用stripStr过滤xss使用json_encode生成最终string
$encrypt_enable = isset( $_POST['encrypt_enable'] ) ? true : false;
$keep_session_enable = isset( $_POST['keep_session_enable'] ) ? true : false;
$mail_enable = isset( $_POST['mail_enable'] ) ? true : false;
$pass = isset( $_POST['pass'] ) ? stripStr($_POST['pass']) : '';
$encrypt_pass = isset( $_POST['encrypt_pass'] ) ? stripStr($_POST['encrypt_pass']) : '';
$mail_pass = isset( $_POST['mail_pass'] ) ? stripStr($_POST['mail_pass']) : '';
$data_path = isset($_POST['data_path']) ? stripStr(trim( $_POST['data_path'] )) : '';
$js_template_path = isset( $_POST['js_template_path'] ) ? stripStr(trim( $_POST['js_template_path'] )) : '';
$my_js_path = isset( $_POST['my_js_path'] ) ? stripStr(trim( $_POST['my_js_path'] )) : '';
$encrypt_type = isset( $_POST['encrypt_type'] ) ? stripStr(trim( $_POST['encrypt_type'] )) : '';
$ipdata_path = isset( $_POST['ipdata_path'] ) ? stripStr(trim( $_POST['ipdata_path'] )) : '';
$smtp_server = isset( $_POST['smtp_server'] ) ? stripStr(trim( $_POST['smtp_server'] )) : '';
$smtp_port = isset( $_POST['smtp_port'] ) ? stripStr(trim( $_POST['smtp_port'] )) : '';
$smtp_secure = isset( $_POST['smtp_secure'] ) ? stripStr(trim( $_POST['smtp_secure'] )) : '';
$mail_user = isset( $_POST['mail_user'] ) ? stripStr(trim( $_POST['mail_user'] )) : '';
$mail_from = isset( $_POST['mail_from'] ) ? stripStr(trim( $_POST['mail_from'] )) : '';
$mail_recv = isset( $_POST['mail_recv'] ) ? stripStr(trim( $_POST['mail_recv'] )) : '';
$error = false;
if ( $pass==='' ) {
display_setup_form( '登录密码不可为空' );
$error = true;
}
else if ( !preg_match( '/^[0-9a-zA-Z_\/\\\.]+$/' , $data_path ) ) {
display_setup_form( 'xss数据存储路径非法' );
$error = true;
}
else if ( !is_dir ( $data_path ) ) {
display_setup_form( 'xss数据存储路径不存在' );
$error = true;
}
else if ( !is_writable ( $data_path ) ) {
display_setup_form( 'xss数据存储路径不可写' );
$error = true;
}
else if ( glob($js_template_path.'/*')=== glob('static/js'.'/*') ) {
display_setup_form( 'js模板存储路径非法' );
$error = true;
}
else if ( !preg_match( '/^[0-9a-zA-Z_\/\\\.]+$/' , $js_template_path ) ) {
display_setup_form( 'js模板存储路径非法' );
$error = true;
}
else if ( !is_dir ( $js_template_path ) ) {
display_setup_form( 'js模板存储路径不存在' );
$error = true;
}
else if ( !is_writable ( $js_template_path ) ) {
display_setup_form( 'js模板存储路径不可写' );
$error = true;
}
else if ( glob($my_js_path.'/*')=== glob('static/js'.'/*') ) {
display_setup_form( '我的js存储路径非法' );
$error = true;
}
else if ( !preg_match( '/^[0-9a-zA-Z_\/\\\.]+$/' , $my_js_path ) ) {
display_setup_form( '我的js存储路径非法' );
$error = true;
}
else if ( !is_dir ( $my_js_path ) ) {
display_setup_form( '我的js存储路径不存在' );
$error = true;
}
else if ( !is_writable ( $my_js_path ) ) {
display_setup_form( '我的js存储路径不可写' );
$error = true;
}
else if ( $encrypt_enable && $encrypt_pass==='' ) {
display_setup_form( '加密密码不可为空' );
$error = true;
}
else if ( $encrypt_type!=="RC4" && $encrypt_type !== "AES" ) {
display_setup_form( '加密方式错误' );
$error = true;
}
else if ( !file_exists( $ipdata_path ) ) {
display_setup_form( 'ip数据库不存在' );
$error = true;
}
else if ( !preg_match( '/^[0-9]*$/' , $smtp_port ) ) {
display_setup_form( 'SMTP端口不合法' );
$error = true;
}
else
{
//生成密码hash
$salt='!KTMdg#^^I6Z!deIVR#SgpAI6qTN7oVl';
$pass=md5($salt.$pass.$salt);
$pass=md5($salt.$pass.$salt);
$pass=md5($salt.$pass.$salt);
$config_str = <<<CONFIG
<?php
if(!defined('IN_XSS_PLATFORM')) {
exit('Access Denied');
}
CONFIG;
$config_str .= 'define("PASS", '.json_encode($pass).');//后台登录密码默认密码bluelotus' . PHP_EOL;
//正则判断过不做json_encode处理
$config_str .= 'define("DATA_PATH", "'.$data_path.'");//xss记录、封禁ip列表存放目录' . PHP_EOL;
$config_str .= 'define("JS_TEMPLATE_PATH", "'.$js_template_path.'");//js模板存放目录' . PHP_EOL;
$config_str .= 'define("MY_JS_PATH", "'.$my_js_path.'");//我的js存放目录' . PHP_EOL;
$config_str .= 'define("ENCRYPT_ENABLE", '.($encrypt_enable?"true":"false").');//是否加密“xss记录封禁ip列表js描述”' . PHP_EOL;
$config_str .= 'define("ENCRYPT_PASS", '.json_encode( $encrypt_pass).');//加密密码' . PHP_EOL;
$config_str .= 'define("ENCRYPT_TYPE", '.json_encode( $encrypt_type).');//加密方法AES或RC4' . PHP_EOL;
$config_str .= 'define("KEEP_SESSION", '.($keep_session_enable?"true":"false").');//是否启用KEEP_SESSION功能需要外部定时访问keepsession.php' . PHP_EOL;
$config_str .= 'define("IPDATA_PATH", '.json_encode( $ipdata_path).');//ip归属地数据库地址' . PHP_EOL;
$config_str .= 'define("MAIL_ENABLE", '.($mail_enable?"true":"false").');//开启邮件通知' . PHP_EOL;
$config_str .= 'define("SMTP_SERVER", '.json_encode( $smtp_server).');//smtp服务器' . PHP_EOL;
//正则判断过不做json_encode处理
$config_str .= 'define("SMTP_PORT", '.$smtp_port.');//端口' . PHP_EOL;
$config_str .= 'define("SMTP_SECURE", '.json_encode( $smtp_secure).');' . PHP_EOL;
$config_str .= 'define("MAIL_USER", '.json_encode( $mail_user).');//发件人用户名' . PHP_EOL;
$config_str .= 'define("MAIL_PASS", '.json_encode( $mail_pass).');//发件人密码' . PHP_EOL;
$config_str .= 'define("MAIL_FROM", '.json_encode( $mail_from).');//发件人地址(需真实,不可伪造)' . PHP_EOL;
$config_str .= 'define("MAIL_RECV", '.json_encode( $mail_recv).');//接收通知的邮件地址' . PHP_EOL;
if (file_put_contents("config.php", $config_str)===false)
{
display_setup_form( '无法写入配置文件,请确保根目录有写权限' );
$error = true;
}
}
if ( $error === false ) {
//重加密记录
modify_js_desc($my_js_path,true,'bluelotus','RC4',$encrypt_enable,$encrypt_pass, $encrypt_type);
modify_js_desc($js_template_path,true,'bluelotus','RC4',$encrypt_enable,$encrypt_pass, $encrypt_type);
//安装完成,自杀
@unlink($_SERVER['SCRIPT_FILENAME']);
@unlink('config-sample.php');
?>
<h1>安装成功</h1>
<p>XSS平台安装成功请点下方链接登录后台</p>
<p class="step"><a href="login.php" class="button button-large">登录</a></p>
<?php
}
break;
}
function display_header( ) {
?>
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="robots" content="noindex,nofollow" />
<title>安装</title>
<link rel="stylesheet" href="static/css/install.css" type="text/css" />
</head>
<body class="core-ui">
<p id="logo">
<a href="1" tabindex="-1"></a>
</p>
<?php
} // end display_header()
function display_setup_form( $error = null ) {
$encrypt_enable = isset( $_POST['encrypt_enable'] ) ? true : false;
$keep_session_enable = isset( $_POST['keep_session_enable'] ) ? true : false;
$mail_enable = isset( $_POST['mail_enable'] ) ? true : false;
$pass = isset( $_POST['pass'] ) ? stripStr($_POST['pass']) : 'bluelotus';
$encrypt_pass = isset( $_POST['encrypt_pass'] ) ? stripStr($_POST['encrypt_pass']) : 'bluelotus';
$mail_pass = isset( $_POST['mail_pass'] ) ? stripStr($_POST['mail_pass']) : 'xxxxxx';
$data_path = isset($_POST['data_path']) ? stripStr(trim( $_POST['data_path'] )) : 'data';
$js_template_path = isset( $_POST['js_template_path'] ) ? stripStr(trim( $_POST['js_template_path'] )) : 'template';
$my_js_path = isset( $_POST['my_js_path'] ) ? stripStr(trim( $_POST['my_js_path'] )) : 'myjs';
$encrypt_type = isset( $_POST['encrypt_type'] ) ? stripStr(trim( $_POST['encrypt_type'] )) : 'RC4';
$ipdata_path = isset( $_POST['ipdata_path'] ) ? stripStr(trim( $_POST['ipdata_path'] )) : 'qqwry.dat';
$smtp_server = isset( $_POST['smtp_server'] ) ? stripStr(trim( $_POST['smtp_server'] )) : 'smtp.xxx.com';
$smtp_port = isset( $_POST['smtp_port'] ) ? stripStr(trim( $_POST['smtp_port'] )) : '465';
$smtp_secure = isset( $_POST['smtp_secure'] ) ? stripStr(trim( $_POST['smtp_secure'] )) : 'ssl';
$mail_user = isset( $_POST['mail_user'] ) ? stripStr(trim( $_POST['mail_user'] )) : 'xxx@xxx.com';
$mail_from = isset( $_POST['mail_from'] ) ? stripStr(trim( $_POST['mail_from'] )) : 'xxx@xxx.com';
$mail_recv = isset( $_POST['mail_recv'] ) ? stripStr(trim( $_POST['mail_recv'] )) : 'xxx@xxx.com';
if ( ! is_null( $error ) ) {
?>
<h1>错误</h1>
<p class="message"><?php echo stripStr($error); ?></p>
<?php
}
?>
<form id="setup" method="post" action="install.php?step=2" novalidate="novalidate">
<table class="form-table">
<tr>
<th scope="row"><label for="pass">后台登录密码</label></th>
<td>
<input name="pass" type="text" id="pass" size="25" value="<?php echo $pass;?>" required="required" />
<p>特殊字符会被转义,慎用,下同</p>
</td>
</tr>
<tr>
<th scope="row"><label for="data_path">xss数据存储路径</label></th>
<td>
<input name="data_path" type="text" id="data_path" size="25" value="<?php echo $data_path; ?>" required="required" />
<p>文件夹需要有写权限</p>
</td>
</tr>
<tr>
<th scope="row"><label for="js_template_path">js模板存储路径</label></th>
<td>
<input name="js_template_path" type="text" id="js_template_path" size="25" value="<?php echo $js_template_path;?>" required="required" />
<p>文件夹需要有写权限</p>
</td>
</tr>
<tr>
<th scope="row"><label for="my_js_path">我的js存储路径</label></th>
<td>
<input name="my_js_path" type="text" id="my_js_path" size="25" value="<?php echo $my_js_path;?>" required="required" />
<p>文件夹需要有写权限</p>
</td>
</tr>
<tr>
<th scope="row"><label for="encrypt_enable">启用数据加密</label></th>
<td>
<input type="checkbox" name="encrypt_enable" type="text" id="encrypt_enable" size="25" value="1" <?php if( !isset( $_POST['encrypt_enable'] ) || $encrypt_enable===true ) echo 'checked="checked"';?> />
<p>对xss记录js描述文件加密</p>
</td>
</tr>
<tr>
<th scope="row"><label for="encrypt_pass">数据加密密码</label></th>
<td>
<input name="encrypt_pass" type="text" id="encrypt_pass" size="25" value="<?php echo $encrypt_pass;?>" />
<p>加密数据的密码</p>
</td>
</tr>
<tr>
<th scope="row"><label for="encrypt_type">加密方式</label></th>
<td>
<select name="encrypt_type" type="text" id="encrypt_type" size="1">
<option value ="RC4" <?php if($encrypt_type==="RC4") echo 'selected="selected"';?> >RC4</option>
<option value ="AES" <?php if($encrypt_type!=="RC4") echo 'selected="selected"';?> >AES</option>
</select>
</td>
</tr>
<tr>
<th scope="row"><label for="keep_session_enable">启用keepsession</label></th>
<td>
<input type="checkbox" name="keep_session_enable" type="text" id="keep_session_enable" size="25" value="1" <?php if(!isset( $_POST['keep_session_enable'] ) || $keep_session_enable===true) echo 'checked="checked"';?> />
<p>详见README.md说明</p>
</td>
</tr>
<tr>
<th scope="row"><label for="ipdata_path">ip数据库位置</label></th>
<td>
<input name="ipdata_path" type="text" id="ipdata_path" size="25" value="<?php echo $ipdata_path;?>" required="required" />
<p>纯真qqwry.dat位置</p>
</td>
</tr>
<tr>
<th scope="row"><label for="mail_enable">启用邮件通知</label></th>
<td>
<input type="checkbox" name="mail_enable" type="text" id="mail_enable" size="25" value="1" <?php if($mail_enable===true) echo 'checked="checked"';?> />
<p>收到xss消息后邮件通知</p>
</td>
</tr>
<tr>
<th scope="row"><label for="smtp_server">SMTP服务器</label></th>
<td>
<input name="smtp_server" type="text" id="smtp_server" size="25" value="<?php echo $smtp_server;?>" />
<p>SMTP服务器地址</p>
</td>
</tr>
<tr>
<th scope="row"><label for="smtp_port">SMTP服务器端口</label></th>
<td>
<input name="smtp_port" type="text" id="smtp_port" size="25" value="<?php echo $smtp_port;?>" />
<p>详询服务提供商</p>
</td>
</tr>
<tr>
<th scope="row"><label for="smtp_secure">SMTP安全项</label></th>
<td>
<input name="smtp_secure" type="text" id="smtp_secure" size="25" value="<?php echo $smtp_secure;?>" />
<p>默认无需修改</p>
</td>
</tr>
<tr>
<th scope="row"><label for="mail_user">SMTP用户名</label></th>
<td>
<input name="mail_user" type="text" id="mail_user" size="25" value="<?php echo $mail_user;?>" />
<p>一般只是邮箱@之前的部分</p>
</td>
</tr>
<tr>
<th scope="row"><label for="mail_pass">SMTP密码</label></th>
<td>
<input name="mail_pass" type="text" id="mail_pass" size="25" value="<?php echo $mail_pass;?>" />
<p>发件邮箱的密码</p>
</td>
</tr>
<tr>
<th scope="row"><label for="mail_from">发件人地址</label></th>
<td>
<input name="mail_from" type="text" id="mail_from" size="25" value="<?php echo $mail_from;?>" />
<p>不可伪造,否者无法发送</p>
</td>
</tr>
<tr>
<th scope="row"><label for="mail_recv">收件人地址</label></th>
<td>
<input name="mail_recv" type="text" id="mail_recv" size="25" value="<?php echo $mail_recv;?>" />
<p>接收通知的邮件地址</p>
</td>
</tr>
</table>
<p class="step"><input name="submit" type="submit" value="提交" class="button button-large"></p>
</form>
<?php
} // end display_setup_form()
//xss过滤
function stripStr($str){
if(get_magic_quotes_gpc())
$str=stripslashes($str);
return htmlspecialchars($str,ENT_QUOTES,'UTF-8');
}
//js描述重加密
function modify_js_desc($path,$old_encrypt_enable,$old_encrypt_pass,$old_encrypt_type,$new_encrypt_enable,$new_encrypt_pass, $new_encrypt_type)
{
$files = glob($path . '/*.js');
foreach ($files as $file){
//由于可能有中文名,故使用正则来提取文件名
$filename=preg_replace('/^.+[\\\\\\/]/', '', $file);
$filename=substr ( $filename , 0 , strlen ($filename)-3 );
$desc=@file_get_contents(dirname( __FILE__ ).'/'.$path.'/'.$filename.'.desc');
if($desc!==false)
$desc=decrypt($desc,$old_encrypt_enable,$old_encrypt_pass,$old_encrypt_type);
else
$desc="";
$desc=encrypt($desc, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type);
@file_put_contents(dirname( __FILE__ ).'/'.$path.'/'.$filename.'.desc', $desc);
}
}
//加密
function encrypt($info,$encrypt_enable,$encrypt_pass,$encrypt_type)
{
if($encrypt_enable) {
if($encrypt_type==="AES") {
require_once("aes.php");
$info=AESEncryptCtr($info,$encrypt_pass);
}
else {
require_once("rc4.php");
$info=base64_encode( rc4($info,$encrypt_pass) );
}
}
else
$info=base64_encode($info);
return $info;
}
//解密
function decrypt($info,$encrypt_enable,$encrypt_pass,$encrypt_type)
{
if($encrypt_enable) {
if($encrypt_type==="AES") {
require_once("aes.php");
$info=AESDecryptCtr($info,$encrypt_pass);
}
else {
require_once("rc4.php");
$info=rc4(base64_decode($info),$encrypt_pass);
}
}
else
$info=base64_decode($info);
return $info;
}
?>

184
keepsession.php
View File

@@ -1,106 +1,102 @@
<?php
define("IN_XSS_PLATFORM",true);
define("IN_XSS_PLATFORM", true);
ignore_user_abort();
//Windows平台最好别设成0因为windows上lock没法实现非阻塞
set_time_limit(0);
require_once("config.php");
require_once("load.php");
require_once("functions.php");
require_once("dio.php");
if(KEEP_SESSION)
if (KEEP_SESSION) {
//利用非阻塞的flock实现单例运行
$pid = fopen(DATA_PATH . '/check.pid', "w");
if (!$pid)
exit();
if (flock($pid, LOCK_EX | LOCK_NB)) {
$files = glob(DATA_PATH . '/*.php');
foreach ($files as $file) {
$filename = basename($file, ".php");
$info = load_xss_record($filename);
if ($info['keepsession'] === true) {
$url = getLocation($info);
$cookie = getCookie($info);
$useragent = "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2535.0 Safari/537.36";
if (isset($info['headers_data']['User-Agent']))
$useragent = $info['headers_data']['User-Agent'];
$ip = $info['user_IP'];
if ($url != "" && $cookie != "") {
$ch = curl_init();
$header[] = 'User-Agent: ' . $useragent;
$header[] = 'Cookie: ' . $cookie;
$header[] = 'X-Forwarded-For: ' . $ip;
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
//https不校验证书按需开启吧
//curl_setopt ( $curl_handle, CURLOPT_SSL_VERIFYHOST, 0 );
curl_exec($ch);
curl_close($ch);
}
}
}
//可加上sleep来防止keepsession被ddos
//sleep(10);
flock($pid, LOCK_UN);
}
fclose($pid);
}
function getCookie($info)
{
//利用非阻塞的flock实现单例运行
$pid = fopen(DATA_PATH. '/check.pid', "w");
if(!$pid)
exit();
if(flock($pid, LOCK_EX|LOCK_NB))
{
$files = glob(DATA_PATH . '/*.php');
foreach ($files as $file) {
$filename=basename($file,".php");
$info=load_xss_record($filename);
if($info['keepsession']===true)
{
$url=getLocation($info);
$cookie=getCookie($info);
$useragent="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2535.0 Safari/537.36";
if(isset($info['headers_data']['User-Agent']))
$useragent=$info['headers_data']['User-Agent'];
$ip=$info['user_IP'];
if($url!="" && $cookie!="")
{
$ch = curl_init();
$header[]= 'User-Agent: '.$useragent;
$header[]= 'Cookie: '.$cookie;
$header[]= 'X-Forwarded-For: '.$ip;
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_HTTPHEADER,$header);
curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);
curl_setopt($ch, CURLOPT_TIMEOUT,10);
//https不校验证书按需开启吧
//curl_setopt ( $curl_handle, CURLOPT_SSL_VERIFYHOST, 0 );
curl_exec($ch);
curl_close($ch);
}
}
}
//可加上sleep来防止keepsession被ddos
//sleep(10);
flock($pid, LOCK_UN);
}
fclose($pid);
$cookie = "";
if (isset($info['decoded_get_data']['cookie']) && $info['decoded_get_data']['cookie'] != "")
$cookie = $info['decoded_get_data']['cookie'];
else if (isset($info['get_data']['cookie']) && $info['get_data']['cookie'] != "")
$cookie = $info['get_data']['cookie'];
else if (isset($info['decoded_post_data']['cookie']) && $info['decoded_post_data']['cookie'] != "")
$cookie = $info['decoded_post_data']['cookie'];
else if (isset($info['post_data']['cookie']) && $info['post_data']['cookie'] != "")
$cookie = $info['post_data']['cookie'];
else if (isset($info['decoded_cookie_data']['cookie']) && $info['decoded_cookie_data']['cookie'] != "")
$cookie = $info['decoded_cookie_data']['cookie'];
else if (isset($info['cookie_data']['cookie']) && $info['cookie_data']['cookie'] != "")
$cookie = $info['cookie_data']['cookie'];
return htmlspecialchars_decode(stripslashes($cookie), ENT_QUOTES);
}
function getCookie($info){
$cookie="";
if(isset($info['decoded_get_data']['cookie'])&&$info['decoded_get_data']['cookie']!="")
$cookie=$info['decoded_get_data']['cookie'];
else if(isset($info['get_data']['cookie'])&&$info['get_data']['cookie']!="")
$cookie=$info['get_data']['cookie'];
else if(isset($info['decoded_post_data']['cookie'])&&$info['decoded_post_data']['cookie']!="")
$cookie=$info['decoded_post_data']['cookie'];
else if(isset($info['post_data']['cookie'])&&$info['post_data']['cookie']!="")
$cookie=$info['post_data']['cookie'];
else if(isset($info['decoded_cookie_data']['cookie'])&&$info['decoded_cookie_data']['cookie']!="")
$cookie=$info['decoded_cookie_data']['cookie'];
else if(isset($info['cookie_data']['cookie'])&&$info['cookie_data']['cookie']!="")
$cookie=$info['cookie_data']['cookie'];
return htmlspecialchars_decode(stripslashes($cookie),ENT_QUOTES);
}
function getLocation($info){
$location="";
if(isset($info['decoded_get_data']['location'])&&$info['decoded_get_data']['location']!="")
$location=$info['decoded_get_data']['location'];
else if(isset($info['get_data']['location'])&&$info['get_data']['location']!="")
$location=$info['get_data']['location'];
else if(isset($info['decoded_post_data']['location'])&&$info['decoded_post_data']['location']!="")
$location=$info['decoded_post_data']['location'];
else if(isset($info['post_data']['location'])&&$info['post_data']['location']!="")
$location=$info['post_data']['location'];
else if(isset($info['decoded_cookie_data']['location'])&&$info['decoded_cookie_data']['location']!="")
$location=$info['decoded_cookie_data']['location'];
else if(isset($info['cookie_data']['location'])&&$info['cookie_data']['location']!="")
$location=$info['cookie_data']['location'];
else if(isset($info['headers_data']['Referer'])&&$info['headers_data']['Referer']!="")
$location=$info['headers_data']['Referer'];
return htmlspecialchars_decode(stripslashes($location),ENT_QUOTES);
}
?>
function getLocation($info)
{
$location = "";
if (isset($info['decoded_get_data']['location']) && $info['decoded_get_data']['location'] != "")
$location = $info['decoded_get_data']['location'];
else if (isset($info['get_data']['location']) && $info['get_data']['location'] != "")
$location = $info['get_data']['location'];
else if (isset($info['decoded_post_data']['location']) && $info['decoded_post_data']['location'] != "")
$location = $info['decoded_post_data']['location'];
else if (isset($info['post_data']['location']) && $info['post_data']['location'] != "")
$location = $info['post_data']['location'];
else if (isset($info['decoded_cookie_data']['location']) && $info['decoded_cookie_data']['location'] != "")
$location = $info['decoded_cookie_data']['location'];
else if (isset($info['cookie_data']['location']) && $info['cookie_data']['location'] != "")
$location = $info['cookie_data']['location'];
else if (isset($info['headers_data']['Referer']) && $info['headers_data']['Referer'] != "")
$location = $info['headers_data']['Referer'];
return htmlspecialchars_decode(stripslashes($location), ENT_QUOTES);
}

8
load.php Normal file
View File

@@ -0,0 +1,8 @@
<?php
if (file_exists('config.php')) {
require_once('config.php');
} else {
//缺少config文件转至install.php
header("Location: install.php");
exit();
}

173
login.php
View File

@@ -1,88 +1,81 @@
<?php
define("IN_XSS_PLATFORM",true);
define("IN_XSS_PLATFORM", true);
require_once("load.php");
require_once("functions.php");
//CSP开启
header("Content-Security-Policy: default-src 'self'; object-src 'none'; frame-src 'none'");
header("X-Content-Security-Policy: default-src 'self'; object-src 'none'; frame-src 'none'");
header("X-WebKit-CSP: default-src 'self'; object-src 'none'; frame-src 'none'");
//设置httponly
ini_set("session.cookie_httponly", 1);
ini_set("session.cookie_httponly", 1);
session_start();
require_once("config.php");
require_once("functions.php");
//判断是否登陆
if(isset($_SESSION['isLogin']) && $_SESSION['isLogin']===true)
{
header("Location: admin.php");
exit();
if (isset($_SESSION['isLogin']) && $_SESSION['isLogin'] === true) {
header("Location: admin.php");
exit();
}
//判断ip是否在封禁列表中
$forbiddenIPList=loadForbiddenIPList();
$ip=$_SERVER['REMOTE_ADDR'];
$is_pass_wrong=false;
if(!isset($forbiddenIPList[$ip]) || $forbiddenIPList[$ip]<=5)
{
if(isset($_POST['password']) && $_POST['password']!="")
{
if(checkPassword($_POST['password']))
{
$_SESSION['isLogin']=true;
$_SESSION['user_IP']=$ip;
$_SESSION['user_agent']=$_SERVER['HTTP_USER_AGENT'];
if(isset($forbiddenIPList[$ip]))
{
unset($forbiddenIPList[$ip]);
saveForbiddenIPList($forbiddenIPList);
}
header("Location: admin.php");
exit();
}
else
{
if(isset($forbiddenIPList[$ip]))
$forbiddenIPList[$ip]++;
else
$forbiddenIPList[$ip]=1;
saveForbiddenIPList($forbiddenIPList);
$is_pass_wrong=true;
}
}
}
else
$is_pass_wrong=true;
$forbiddenIPList = loadForbiddenIPList();
$ip = $_SERVER['REMOTE_ADDR'];
$is_pass_wrong = false;
if (!isset($forbiddenIPList[$ip]) || $forbiddenIPList[$ip] <= 5) {
if (isset($_POST['password']) && $_POST['password'] != "") {
if (checkPassword($_POST['password'])) {
$_SESSION['isLogin'] = true;
$_SESSION['user_IP'] = $ip;
$_SESSION['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
if (isset($forbiddenIPList[$ip])) {
unset($forbiddenIPList[$ip]);
saveForbiddenIPList($forbiddenIPList);
}
header("Location: admin.php");
exit();
} else {
if (isset($forbiddenIPList[$ip]))
$forbiddenIPList[$ip]++;
else
$forbiddenIPList[$ip] = 1;
saveForbiddenIPList($forbiddenIPList);
$is_pass_wrong = true;
}
}
} else
$is_pass_wrong = true;
function loadForbiddenIPList()
{
$logfile = DATA_PATH . '/forbiddenIPList.dat';
!file_exists( $logfile ) && @touch( $logfile );
$str = @file_get_contents( $logfile );
if($str===false)
return array();
$str =decrypt($str);
if($str!='')
{
$result=json_decode($str,true);
if($result!=null)
return $result;
else
return array();
}
else
return array();
$logfile = DATA_PATH . '/forbiddenIPList.dat';
!file_exists($logfile) && @touch($logfile);
$str = @file_get_contents($logfile);
if ($str === false)
return array();
$str = decrypt($str);
if ($str != '') {
$result = json_decode($str, true);
if ($result != null)
return $result;
else
return array();
} else
return array();
}
function saveForbiddenIPList($forbiddenIPList)
{
$logfile = DATA_PATH . '/forbiddenIPList.dat';
!file_exists( $logfile ) && @touch( $logfile );
$str=json_encode($forbiddenIPList);
$str = encrypt($str);
@file_put_contents($logfile, $str);
$logfile = DATA_PATH . '/forbiddenIPList.dat';
!file_exists($logfile) && @touch($logfile);
$str = json_encode($forbiddenIPList);
$str = encrypt($str);
@file_put_contents($logfile, $str);
}
/*
@@ -91,27 +84,27 @@ php -r "$salt='!KTMdg#^^I6Z!deIVR#SgpAI6qTN7oVl';$key='bluelotus';$key=md5($salt
*/
function checkPassword($p)
{
if(isset($_POST['firesunCheck']) && isset($_SESSION['firesunCheck']) && $_SESSION['firesunCheck']!="" && $_POST['firesunCheck']===$_SESSION['firesunCheck'])
{
//改了这个盐记得改login.js里的两个要一致
$salt="!KTMdg#^^I6Z!deIVR#SgpAI6qTN7oVl";
$key=PASS;
$key=md5($salt.$key.$_SESSION['firesunCheck'].$salt);
$key=md5($salt.$key.$_SESSION['firesunCheck'].$salt);
$key=md5($salt.$key.$_SESSION['firesunCheck'].$salt);
return $key===$p;
}
return false;
if (isset($_POST['firesunCheck']) && isset($_SESSION['firesunCheck']) && $_SESSION['firesunCheck'] != "" && $_POST['firesunCheck'] === $_SESSION['firesunCheck']) {
//改了这个盐记得改login.js里的两个要一致
$salt = "!KTMdg#^^I6Z!deIVR#SgpAI6qTN7oVl";
$key = PASS;
$key = md5($salt . $key . $_SESSION['firesunCheck'] . $salt);
$key = md5($salt . $key . $_SESSION['firesunCheck'] . $salt);
$key = md5($salt . $key . $_SESSION['firesunCheck'] . $salt);
return $key === $p;
}
return false;
}
//生成挑战应答的随机值
function generate_password( $length = 32 ) {
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$password = "";
for ( $i = 0; $i < $length; $i++ )
$password .= $chars[ mt_rand(0, strlen($chars) - 1) ];
return $password;
}
function generate_password($length = 32)
{
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$password = "";
for ($i = 0; $i < $length; $i++)
$password .= $chars[mt_rand(0, strlen($chars) - 1)];
return $password;
}
?>
<html>
@@ -123,10 +116,10 @@ function generate_password( $length = 32 ) {
<script type="text/javascript" src="static/js/jquery.min.js" ></script>
<script type="text/javascript" src="static/js/login.js" ></script>
<?php
if($is_pass_wrong)
echo '<script type="text/javascript" src="static/js/pass_is_wrong.js" ></script>';
?>
<?php
if ($is_pass_wrong)
echo '<script type="text/javascript" src="static/js/pass_is_wrong.js" ></script>';
?>
</head>
<body>
@@ -138,7 +131,11 @@ function generate_password( $length = 32 ) {
</h1>
<form action="" method="post">
<input type="password" placeholder="password" id="password" name="password" required="required">
<input id="firesunCheck" type="hidden" name="firesunCheck" value=<?php $firesunCheck=generate_password(32); $_SESSION['firesunCheck']=$firesunCheck;echo json_encode($_SESSION['firesunCheck']);?> />
<input id="firesunCheck" type="hidden" name="firesunCheck" value=<?php
$firesunCheck = generate_password(32);
$_SESSION['firesunCheck'] = $firesunCheck;
echo json_encode($_SESSION['firesunCheck']);
?> />
<button type="submit" id="submit" disabled="disabled">
<i class="fa fa-arrow-right">

9
logout.php
View File

@@ -1,10 +1,9 @@
<?php
session_start();
$_SESSION['isLogin']=false;
$_SESSION['user_IP']="";
$_SESSION['user_agent']="";
$_SESSION['isLogin'] = false;
$_SESSION['user_IP'] = "";
$_SESSION['user_agent'] = "";
session_unset();
session_destroy();
header("Location: login.php");
exit();
?>
exit();

70
mail.php
View File

@@ -1,41 +1,41 @@
<?php
if(!defined('IN_XSS_PLATFORM')) {
exit('Access Denied');
if (!defined('IN_XSS_PLATFORM')) {
exit('Access Denied');
}
require_once("PHPMailer/PHPMailerAutoload.php");
require_once("config.php");
require_once("load.php");
function send_mail($xss_record_json)
{
$subject="GET:".count($xss_record_json['get_data'])."个 POST:".count($xss_record_json['post_data'])."个 Cookie:".count($xss_record_json['cookie_data'])."";
$body= json_encode($xss_record_json, JSON_UNESCAPED_UNICODE|JSON_PRETTY_PRINT);
$body=str_replace("\n","<br/>",$body);
$body=str_replace(" ","&nbsp;",$body);
$mail = new PHPMailer(); //实例化
$mail->isSendmail();
$mail->IsSMTP(); // 启用SMTP
$mail->Host = SMTP_SERVER; //SMTP服务器
$mail->Port = SMTP_PORT; //邮件发送端口
$mail->SMTPAuth = true; //启用SMTP认证
$mail->SMTPSecure = SMTP_SECURE;
$mail->CharSet = "UTF-8"; //字符集
$mail->Encoding = "base64"; //编码方式
$mail->Username = MAIL_USER; //你的邮箱
$mail->Password = MAIL_PASS; //你的密码
$mail->Subject = $subject; //邮件标题
$mail->From = MAIL_FROM; //发件人地址(也就是你的邮箱)
$mail->FromName = "通知"; //发件人姓名
$mail->AddAddress(MAIL_RECV);//添加收件人(地址,昵称)
$mail->IsHTML(true); //支持html格式内容
$mail->Body = $body;
$mail->Send();
}
?>
$subject = "GET:" . count($xss_record_json['get_data']) . "个 POST:" . count($xss_record_json['post_data']) . "个 Cookie:" . count($xss_record_json['cookie_data']) . "";
$body = json_encode($xss_record_json, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
$body = str_replace("\n", "<br/>", $body);
$body = str_replace(" ", "&nbsp;", $body);
$mail = new PHPMailer(); //实例化
$mail->isSendmail();
$mail->IsSMTP(); // 启用SMTP
$mail->Host = SMTP_SERVER; //SMTP服务器
$mail->Port = SMTP_PORT; //邮件发送端口
$mail->SMTPAuth = true; //启用SMTP认证
$mail->SMTPSecure = SMTP_SECURE;
$mail->CharSet = "UTF-8"; //字符集
$mail->Encoding = "base64"; //编码方式
$mail->Username = MAIL_USER; //你的邮箱
$mail->Password = MAIL_PASS; //你的密码
$mail->Subject = $subject; //邮件标题
$mail->From = MAIL_FROM; //发件人地址(也就是你的邮箱)
$mail->FromName = "通知"; //发件人姓名
$mail->AddAddress(MAIL_RECV); //添加收件人(地址,昵称)
$mail->IsHTML(true); //支持html格式内容
$mail->Body = $body;
$mail->Send();
}

109
rc4.php
View File

@@ -1,4 +1,8 @@
<?php
if (!defined('IN_XSS_PLATFORM')) {
exit('Access Denied');
}
/*
* Copyright 2011 Michael Cutler <m@cotdp.com>
*
@@ -14,30 +18,31 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* A PHP implementation of RC4 based on the original C code from
* the 1994 usenet post:
*
* http://groups.google.com/groups?selm=sternCvKL4B.Hyy@netcom.com
*
* @param key_str the key as a binary string
* @param data_str the data to decrypt/encrypt as a binary string
* @return the result of the RC4 as a binary string
* @author Michael Cutler <m@cotdp.com>
*/
function rc4($data_str , $key_str) {
// convert input string(s) to array(s)
$key = array();
$data = array();
for ( $i = 0; $i < strlen($key_str); $i++ ) {
$key[] = ord($key_str{$i});
}
for ( $i = 0; $i < strlen($data_str); $i++ ) {
$data[] = ord($data_str{$i});
}
// prepare key
$state = array( 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
/**
* A PHP implementation of RC4 based on the original C code from
* the 1994 usenet post:
*
* http://groups.google.com/groups?selm=sternCvKL4B.Hyy@netcom.com
*
* @param key_str the key as a binary string
* @param data_str the data to decrypt/encrypt as a binary string
* @return the result of the RC4 as a binary string
* @author Michael Cutler <m@cotdp.com>
*/
function rc4($data_str, $key_str)
{
// convert input string(s) to array(s)
$key = array();
$data = array();
for ($i = 0; $i < strlen($key_str); $i++) {
$key[] = ord($key_str{$i});
}
for ($i = 0; $i < strlen($data_str); $i++) {
$data[] = ord($data_str{$i});
}
// prepare key
$state = array( 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,
32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,
48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,
@@ -53,32 +58,30 @@
208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,
224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,
240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255 );
$len = count($key);
$index1 = $index2 = 0;
for( $counter = 0; $counter < 256; $counter++ ){
$index2 = ( $key[$index1] + $state[$counter] + $index2 ) % 256;
$tmp = $state[$counter];
$state[$counter] = $state[$index2];
$state[$index2] = $tmp;
$index1 = ($index1 + 1) % $len;
}
// rc4
$len = count($data);
$x = $y = 0;
for ($counter = 0; $counter < $len; $counter++) {
$x = ($x + 1) % 256;
$y = ($state[$x] + $y) % 256;
$tmp = $state[$x];
$state[$x] = $state[$y];
$state[$y] = $tmp;
$data[$counter] ^= $state[($state[$x] + $state[$y]) % 256];
}
// convert output back to a string
$data_str = "";
for ( $i = 0; $i < $len; $i++ ) {
$data_str .= chr($data[$i]);
}
return $data_str;
}
?>
$len = count($key);
$index1 = $index2 = 0;
for ($counter = 0; $counter < 256; $counter++) {
$index2 = ($key[$index1] + $state[$counter] + $index2) % 256;
$tmp = $state[$counter];
$state[$counter] = $state[$index2];
$state[$index2] = $tmp;
$index1 = ($index1 + 1) % $len;
}
// rc4
$len = count($data);
$x = $y = 0;
for ($counter = 0; $counter < $len; $counter++) {
$x = ($x + 1) % 256;
$y = ($state[$x] + $y) % 256;
$tmp = $state[$x];
$state[$x] = $state[$y];
$state[$y] = $tmp;
$data[$counter] ^= $state[($state[$x] + $state[$y]) % 256];
}
// convert output back to a string
$data_str = "";
for ($i = 0; $i < $len; $i++) {
$data_str .= chr($data[$i]);
}
return $data_str;
}

315
static/css/install.css Normal file
View File

@@ -0,0 +1,315 @@
html {
background: #222526;
margin: 0 20px;
}
body {
background: #fff;
color: #444;
font-family: 'Microsoft YaHei', "Open Sans", sans-serif;
margin: 190px auto 25px;
padding: 20px 20px 10px 20px;
max-width: 600px;
-webkit-font-smoothing: subpixel-antialiased;
-webkit-box-shadow: 0 1px 3px rgba(0,0,0,0.13);
box-shadow: 0 1px 3px rgba(0,0,0,0.13);
}
a {
color: #0073aa;
}
a:hover,
a:active {
color: #00a0d2;
}
a:focus {
color: #124964;
-webkit-box-shadow:
0 0 0 1px #5b9dd9,
0 0 2px 1px rgba(30, 140, 190, .8);
box-shadow:
0 0 0 1px #5b9dd9,
0 0 2px 1px rgba(30, 140, 190, .8);
}
.ie8 a:focus {
outline: #5b9dd9 solid 1px;
}
h1, h2 {
border-bottom: 1px solid #dedede;
clear: both;
color: #666;
font-size: 24px;
padding: 0;
padding-bottom: 7px;
font-weight: normal;
}
h3 {
font-size: 16px;
}
p, li, dd, dt {
padding-bottom: 2px;
font-size: 14px;
line-height: 1.5;
}
code, .code {
font-family: 'Microsoft YaHei', Consolas, Monaco, monospace;
}
ul, ol, dl {
padding: 5px 5px 5px 22px;
}
a img {
border:0
}
abbr {
border: 0;
font-variant: normal;
}
fieldset {
border: 0;
padding: 0;
margin: 0;
}
label {
cursor: pointer;
}
#logo {
margin: -170px 0 37px 0;
padding: 0 0 7px 0;
border-bottom: none;
text-align: center;
}
#logo a {
background-image: url(../images/logo.png);
-webkit-background-size: 180px;
background-size: 180px;
background-position: center top;
background-repeat: no-repeat;
color: #999;
height: 180px;
width: 300px;
font-size: 20px;
font-weight: normal;
line-height: 1.3em;
margin: -110px auto -50px;
padding: 0;
text-decoration: none;
text-indent: -9999px;
outline: none;
overflow: hidden;
display: block;
}
#logo a:focus {
-webkit-box-shadow: none;
box-shadow: none;
}
.step {
margin: 20px 0 15px;
}
.step, th {
text-align: left;
padding: 0;
}
.form-table {
border-collapse: collapse;
margin-top: 1em;
width: 100%;
}
.form-table td {
margin-bottom: 9px;
padding: 10px 20px 10px 0;
font-size: 14px;
vertical-align: top
}
.form-table th {
font-size: 14px;
text-align: left;
padding: 10px 20px 10px 0;
width: 140px;
vertical-align: top;
}
.form-table code {
line-height: 18px;
font-size: 14px;
}
.form-table p {
margin: 4px 0 0 0;
font-size: 11px;
display: inline;
}
.form-table input {
line-height: 20px;
font-size: 15px;
padding: 3px 5px;
border: 1px solid #ddd;
-webkit-box-shadow: inset 0 1px 2px rgba(0,0,0,0.07);
box-shadow: inset 0 1px 2px rgba(0,0,0,0.07);
}
input,
submit {
font-family: 'Microsoft YaHei',"Open Sans", sans-serif;
}
.form-table input[type=text],
.form-table input[type=email],
.form-table input[type=url],
.form-table input[type=password] {
width: 206px;
}
.form-table th p {
font-weight: normal;
}
.form-table.install-success th,
.form-table.install-success td {
vertical-align: middle;
padding: 16px 20px 16px 0;
}
.form-table.install-success td p {
margin: 0;
font-size: 14px;
}
.form-table.install-success td code {
margin: 0;
font-size: 18px;
}
.message {
border: 1px solid #c00;
padding: 0.5em 0.7em;
margin: 5px 0 15px;
background-color: #ffebe8;
}
.form-table span.description.important {
font-size: 12px;
}
/* localization */
body.rtl,
.rtl textarea,
.rtl input,
.rtl submit {
font-family: 'Microsoft YaHei', Tahoma, sans-serif;
}
:lang(he-il) body.rtl,
:lang(he-il) .rtl textarea,
:lang(he-il) .rtl input,
:lang(he-il) .rtl submit {
font-family: 'Microsoft YaHei', Arial, sans-serif;
}
@media only screen and (max-width: 799px) {
body {
margin-top: 115px;
}
#logo a {
margin: -125px auto 30px;
}
}
@media screen and ( max-width: 782px ) {
.form-table {
margin-top: 0;
}
.form-table th,
.form-table td {
display: block;
width: auto;
vertical-align: middle;
}
.form-table th {
padding: 20px 0 0;
}
.form-table td {
padding: 5px 0;
border: 0;
margin: 0;
}
textarea,
input {
font-size: 16px;
}
.form-table td input[type="text"],
.form-table td input[type="email"],
.form-table td input[type="url"],
.form-table td input[type="password"],
.form-table td select,
.form-table td textarea,
.form-table span.description {
width: 100%;
font-size: 16px;
line-height: 1.5;
padding: 7px 10px;
display: block;
max-width: none;
-webkit-box-sizing: border-box;
-moz-box-sizing: border-box;
box-sizing: border-box;
}
}
#encrypt_enable, #keep_session_enable, #mail_enable {
margin-right: 200px;
}
.core-ui .button {
color: #555;
border-color: #ccc;
background: #f7f7f7;
-webkit-box-shadow: 0 1px 0 #ccc;
box-shadow: 0 1px 0 #ccc;
vertical-align: top;
display: inline-block;
text-decoration: none;
font-size: 13px;
line-height: 26px;
height: 28px;
margin: 0;
padding: 0 10px 1px;
cursor: pointer;
border-width: 1px;
border-style: solid;
-webkit-appearance: none;
-webkit-border-radius: 3px;
border-radius: 3px;
white-space: nowrap;
-webkit-box-sizing: border-box;
-moz-box-sizing: border-box;
box-sizing: border-box;
}