firesunCN/BlueLotus_XSSReceiver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Version 3.5.3

Browse Source 
1. 增加referer校验防御CSRF
2. 修复若干小bug
3. 更新IP库
This commit is contained in:
firesun
2022-05-24 00:13:20 +08:00
parent ead56abef5
commit 82227be6bd
17 changed files with 124 additions and 117 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
README.md
View File

@@ -1,5 +1,5 @@
# XSS数据接收平台无SQL版 # XSS数据接收平台无SQL版
如从旧版本升级请务必先阅读Readme 如从旧版本升级请务必先阅读Readme。同时只是一个很久以前打CTF比赛练手的项目现在回看起来很多地方写的都不优雅不过难得的发现过了这么多年还能使用。本项目仅供学习交流使用不得用于任何非法用途。
## 平台说明 ## 平台说明
* 本平台设计理念: 简单配置即可使用无需数据库无需其他组件支持可直接在php虚拟空间使用 * 本平台设计理念: 简单配置即可使用无需数据库无需其他组件支持可直接在php虚拟空间使用
@@ -9,7 +9,7 @@
##安装说明 ##安装说明
###自动安装 ###自动安装
* 安装http server与php环境ubuntu: sudo apt-get install apache2 php5 或 sudo apt-get install apache2 php7.0 libapache2-mod-php7.0 * 安装http server与php环境ubuntu: sudo apt-get install apache2 php5 或 sudo apt-get install apache2 php7.4 libapache2-mod-php7.4
* 上传所有文件至空间根目录 * 上传所有文件至空间根目录
* 访问http://网站地址/ * 访问http://网站地址/
@@ -34,8 +34,8 @@ define('DATA_PATH', 'data');
define('JS_TEMPLATE_PATH', 'template'); define('JS_TEMPLATE_PATH', 'template');
define('MY_JS_PATH', 'myjs'); define('MY_JS_PATH', 'myjs');
define('ENABLE_ENCRYPT', true); define('ENABLE_ENCRYPT', true);
define('ENCRYPT_PASS', "bluelotus"); define('ENCRYPT_PASS', 'bluelotus');
define('ENCRYPT_TYPE', "RC4"); define('ENCRYPT_TYPE', 'RC4');
``` ```
* PASS为登录密码可用`php -r '$salt="!KTMdg#^^I6Z!deIVR#SgpAI6qTN7oVl";$key="你的密码";$key=md5($salt.$key.$salt);$key=md5($salt.$key.$salt);$key=md5($salt.$key.$salt);echo $key;'`生成密码hash * PASS为登录密码可用`php -r '$salt="!KTMdg#^^I6Z!deIVR#SgpAI6qTN7oVl";$key="你的密码";$key=md5($salt.$key.$salt);$key=md5($salt.$key.$salt);$key=md5($salt.$key.$salt);echo $key;'`生成密码hash
* 赋予`DATA_PATH``MY_JS_PATH``JS_TEMPLATE_PATH`对应的目录写权限 * 赋予`DATA_PATH``MY_JS_PATH``JS_TEMPLATE_PATH`对应的目录写权限
@@ -101,19 +101,20 @@ define('ENCRYPT_TYPE', "RC4");
* cookie和location参数支持base64编码keepsession.php会自动判断自动解码 * cookie和location参数支持base64编码keepsession.php会自动判断自动解码
* 如果不设置location将会使用HTTP Referer作为url * 如果不设置location将会使用HTTP Referer作为url
* keepsession.php使用`flock($pid, LOCK_EX|LOCK_NB)`实现单例运行由于windows下不支持无阻塞锁定所以最好删除keepsession.php里的`set_time_limit(0)`可自行加上sleep防止keepsession.php被恶意频繁访问 * keepsession.php使用`flock($pid, LOCK_EX|LOCK_NB)`实现单例运行由于windows下不支持无阻塞锁定所以最好删除keepsession.php里的`set_time_limit(0)`可自行加上sleep防止keepsession.php被恶意频繁访问
* 请自己做好SSRF防护
## 邮件提醒 ## 邮件提醒
修改config.php相关配置即可默认关闭开启后每次接收到xss都会发邮件通知需要短信提醒的直接把接收邮箱设置为手机邮箱即可 修改config.php相关配置即可默认关闭开启后每次接收到xss都会发邮件通知需要短信提醒的直接把接收邮箱设置为手机邮箱即可
``` ```
define('MAIL_ENABLE', false);//开启邮件通知 define('MAIL_ENABLE', false);//开启邮件通知
define('SMTP_SERVER', "smtp.xxx.com");//smtp服务器 define('SMTP_SERVER', 'smtp.xxx.com');//smtp服务器
define('SMTP_PORT', 465);//端口 define('SMTP_PORT', 465);//端口
define('SMTP_SECURE', "ssl"); define('SMTP_SECURE', 'ssl');
define('MAIL_USER', "xxx@xxx.com");//发件人用户名 define('MAIL_USER', 'xxx@xxx.com');//发件人用户名
define('MAIL_PASS', "xxxxxx");//发件人密码 define('MAIL_PASS', 'xxxxxx');//发件人密码
define('MAIL_FROM', "xxx@xxx.com");//发件人地址(需真实,不可伪造) define('MAIL_FROM', 'xxx@xxx.com');//发件人地址(需真实,不可伪造)
define('MAIL_RECV', "xxxx@xxxx.com");//接收通知的邮件地址 define('MAIL_RECV', 'xxxx@xxxx.com');//接收通知的邮件地址
``` ```
## 修改数据加密密码,加密方式 ## 修改数据加密密码,加密方式

4
admin.php
View File

@@ -1,6 +1,6 @@
<?php <?php
define("IN_XSS_PLATFORM", true); define('IN_XSS_PLATFORM', true);
require_once("auth.php"); require_once('auth.php');
?> ?>
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>

11
api.php
View File

@@ -1,10 +1,17 @@
<?php <?php
error_reporting(0); error_reporting(0);
define("IN_XSS_PLATFORM", true); define('IN_XSS_PLATFORM', true);
require_once('auth.php'); require_once('auth.php');
require_once("dio.php"); require_once('dio.php');
header('Content-Type: application/json'); header('Content-Type: application/json');
$referer_array = parse_url($_SERVER['HTTP_REFERER']);
//CSRF防御
if($referer_array['host'] != $_SERVER['HTTP_HOST']) {
exit('Access Denied');
}
//与xss记录相关api //与xss记录相关api
if ( isset( $_GET['cmd'] ) ) { if ( isset( $_GET['cmd'] ) ) {
switch ( $_GET['cmd'] ) { switch ( $_GET['cmd'] ) {

16
auth.php
View File

@@ -3,10 +3,10 @@ if (!defined('IN_XSS_PLATFORM')) {
exit('Access Denied'); exit('Access Denied');
} }
require_once("functions.php"); require_once('functions.php');
//设置httponly //设置httponly
ini_set("session.cookie_httponly", 1); ini_set('session.cookie_httponly', 1);
session_start(); session_start();
//判断登陆情况ip和useragent是否改变改变则强制退出 //判断登陆情况ip和useragent是否改变改变则强制退出
@@ -16,19 +16,19 @@ if ( !(isset($_SESSION['isLogin']) && $_SESSION['isLogin'] === true && isset($_S
$_SESSION['user_agent'] = ""; $_SESSION['user_agent'] = "";
session_unset(); session_unset();
session_destroy(); session_destroy();
header("Location: login.php"); header('Location: login.php');
exit(); exit();
} }
if ( ADMIN_IP_CHECK_ENABLE && !(isset($_SESSION['user_IP']) && $_SESSION['user_IP'] != "" && $_SESSION['user_IP'] === getRealIP()) ) { if ( ADMIN_IP_CHECK_ENABLE && !(isset($_SESSION['user_IP']) && $_SESSION['user_IP'] != '' && $_SESSION['user_IP'] === getRealIP()) ) {
$_SESSION['isLogin'] = false; $_SESSION['isLogin'] = false;
$_SESSION['user_IP'] = ""; $_SESSION['user_IP'] = '';
$_SESSION['user_agent'] = ""; $_SESSION['user_agent'] = '';
session_unset(); session_unset();
session_destroy(); session_destroy();
header("Location: login.php"); header('Location: login.php');
exit(); exit();
} }
//开启CSP //开启CSP
require_once("waf.php"); require_once('waf.php');

24
change_encrypt_pass.php
View File

@@ -21,11 +21,11 @@ exit();
* 3. php change_encrypt_pass.php true bluelotus rc4 (现在是否加密) (新加密密码) (新加密方法) * 3. php change_encrypt_pass.php true bluelotus rc4 (现在是否加密) (新加密密码) (新加密方法)
* 4. 升级完成 * 4. 升级完成
*/ */
define("IN_XSS_PLATFORM", true); define('IN_XSS_PLATFORM', true);
require_once("config.php"); require_once('config.php');
if( isset( $argv[1] ) ) { if( isset( $argv[1] ) ) {
if ($argv[1] === "update") if ($argv[1] === 'update')
update_from_old_version($argv[2], $argv[3]); update_from_old_version($argv[2], $argv[3]);
else else
change_pass($argv[1], $argv[2], $argv[3], $argv[4], $argv[5], $argv[6]); change_pass($argv[1], $argv[2], $argv[3], $argv[4], $argv[5], $argv[6]);
@@ -33,8 +33,8 @@ if( isset( $argv[1] ) ) {
function update_from_old_version($old_encrypt_enable, $old_encrypt_pass) { function update_from_old_version($old_encrypt_enable, $old_encrypt_pass) {
//如果从旧版本升级就统一先切换为RC4密码bluelotus //如果从旧版本升级就统一先切换为RC4密码bluelotus
modify_ForbiddenIPList($old_encrypt_enable, $old_encrypt_pass, "AES", "true", "bluelotus", "RC4"); modify_ForbiddenIPList($old_encrypt_enable, $old_encrypt_pass, 'AES', 'true', 'bluelotus', 'RC4');
modify_xss_record($old_encrypt_enable, $old_encrypt_pass, "AES", "true", "bluelotus", "RC4"); modify_xss_record($old_encrypt_enable, $old_encrypt_pass, 'AES', 'true', 'bluelotus', 'RC4');
} }
function change_pass($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type) { function change_pass($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type) {
@@ -65,7 +65,7 @@ function modify_xss_record($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_
foreach ($files as $file) { foreach ($files as $file) {
$filename = basename($file, ".php"); $filename = basename($file, ".php");
if (preg_match("/^[0-9]{10}$/", $filename)) { if (preg_match('/^[0-9]{10}$/', $filename)) {
$logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php'; $logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php';
$info = @file_get_contents($logFile); $info = @file_get_contents($logFile);
@@ -110,11 +110,11 @@ function modify_js_desc($path, $old_encrypt_enable, $old_encrypt_pass, $old_encr
function encrypt($info, $encrypt_enable, $encrypt_pass, $encrypt_type) { function encrypt($info, $encrypt_enable, $encrypt_pass, $encrypt_type) {
if ($encrypt_enable) { if ($encrypt_enable) {
if ($encrypt_type === "AES") { if ($encrypt_type === 'AES') {
require_once("aes.php"); require_once('aes.php');
$info = AESEncryptCtr($info, $encrypt_pass); $info = AESEncryptCtr($info, $encrypt_pass);
} else { } else {
require_once("rc4.php"); require_once('rc4.php');
$info = base64_encode(rc4($info, $encrypt_pass)); $info = base64_encode(rc4($info, $encrypt_pass));
} }
} else } else
@@ -125,12 +125,12 @@ function encrypt($info, $encrypt_enable, $encrypt_pass, $encrypt_type) {
function decrypt($info, $encrypt_enable, $encrypt_pass, $encrypt_type) { function decrypt($info, $encrypt_enable, $encrypt_pass, $encrypt_type) {
if ($encrypt_enable) { if ($encrypt_enable) {
if ($encrypt_type === "AES") { if ($encrypt_type === 'AES') {
require_once("aes.php"); require_once('aes.php');
$info = AESDecryptCtr($info, $encrypt_pass); $info = AESDecryptCtr($info, $encrypt_pass);
} else { } else {
require_once("rc4.php"); require_once('rc4.php');
$info = rc4(base64_decode($info), $encrypt_pass); $info = rc4(base64_decode($info), $encrypt_pass);
} }
} else } else

38
config-sample.php
View File

@@ -3,25 +3,25 @@ if (!defined('IN_XSS_PLATFORM')) {
exit('Access Denied'); exit('Access Denied');
} }
define("PASS", "2a05218c7aa0a6dbd370985d984627b8"); //后台登录密码默认密码bluelotus define('PASS', '2a05218c7aa0a6dbd370985d984627b8'); //后台登录密码默认密码bluelotus
define("DATA_PATH", "data"); //xss记录、封禁ip列表存放目录 define('DATA_PATH', 'data'); //xss记录、封禁ip列表存放目录
define("JS_TEMPLATE_PATH", "template"); //js模板存放目录 define('JS_TEMPLATE_PATH', 'template'); //js模板存放目录
define("MY_JS_PATH", "myjs"); //我的js存放目录 define('MY_JS_PATH', 'myjs'); //我的js存放目录
define("ENCRYPT_ENABLE", true); //是否加密“xss记录封禁ip列表js描述” define('ENCRYPT_ENABLE', true); //是否加密“xss记录封禁ip列表js描述”
define("ENCRYPT_PASS", "bluelotus"); //加密密码 define('ENCRYPT_PASS', 'bluelotus'); //加密密码
define("ENCRYPT_TYPE", "RC4"); //加密方法AES或RC4 define('ENCRYPT_TYPE', 'RC4'); //加密方法AES或RC4
define("KEEP_SESSION", true); //是否启用KEEP_SESSION功能需要外部定时访问keepsession.php define('KEEP_SESSION', true); //是否启用KEEP_SESSION功能需要外部定时访问keepsession.php
define("ADMIN_IP_CHECK_ENABLE", true);//是否启用管理员ip认证启用后当xss平台发现ip变化将会踢出管理员要求重新登录如果发现经常异常退出控制面板请关闭此项认证 define('ADMIN_IP_CHECK_ENABLE', true);//是否启用管理员ip认证启用后当xss平台发现ip变化将会踢出管理员要求重新登录如果发现经常异常退出控制面板请关闭此项认证
define("XFF_ENABLE", false);//是否使用HTTP_X_FORWARDED_FOR的地址来代替REMOTE_ADDR当且仅当存在反代的情况下才须开启开启须谨慎 define('XFF_ENABLE', false);//是否使用HTTP_X_FORWARDED_FOR的地址来代替REMOTE_ADDR当且仅当存在反代的情况下才须开启开启须谨慎
define("IPDATA_PATH", "qqwry.dat"); //ip归属地数据库地址 define('IPDATA_PATH', 'qqwry.dat'); //ip归属地数据库地址
/*邮件通知相关配置*/ /*邮件通知相关配置*/
define("MAIL_ENABLE", false); //开启邮件通知 define('MAIL_ENABLE', false); //开启邮件通知
define("SMTP_SERVER", "smtp.xxx.com"); //smtp服务器 define('SMTP_SERVER', 'smtp.xxx.com'); //smtp服务器
define("SMTP_PORT", 465); //端口 define('SMTP_PORT', 465); //端口
define("SMTP_SECURE", "ssl"); define('SMTP_SECURE', 'ssl');
define("MAIL_USER", "xxx@xxx.com"); //发件人用户名 define('MAIL_USER', 'xxx@xxx.com'); //发件人用户名
define("MAIL_PASS", "xxxxxx"); //发件人密码 define('MAIL_PASS', 'xxxxxx'); //发件人密码
define("MAIL_FROM", "xxx@xxx.com"); //发件人地址(需真实,不可伪造) define('MAIL_FROM', 'xxx@xxx.com'); //发件人地址(需真实,不可伪造)
define("MAIL_RECV", "xxxx@xxxx.com"); //接收通知的邮件地址 define('MAIL_RECV', 'xxxx@xxxx.com'); //接收通知的邮件地址

2
dio.php
View File

@@ -2,7 +2,7 @@
if ( !defined('IN_XSS_PLATFORM') ) { if ( !defined('IN_XSS_PLATFORM') ) {
exit('Access Denied'); exit('Access Denied');
} }
require_once("functions.php"); require_once('functions.php');
//时间戳的正则表达式 //时间戳的正则表达式
define('ID_REGEX', '/^[0-9]{10}$/'); define('ID_REGEX', '/^[0-9]{10}$/');

26
functions.php
View File

@@ -3,7 +3,7 @@ if (!defined('IN_XSS_PLATFORM')) {
exit('Access Denied'); exit('Access Denied');
} }
require_once("load.php"); require_once('load.php');
//nginx无getallheaders函数 //nginx无getallheaders函数
if (!function_exists('getallheaders')) { if (!function_exists('getallheaders')) {
@@ -22,21 +22,21 @@ function isKeepSession($info) {
$keepsession = false; $keepsession = false;
foreach ($info['get_data'] as $k => $v) { foreach ($info['get_data'] as $k => $v) {
if ($k === "keepsession") { if ($k === 'keepsession') {
$keepsession = ($v === "1" ? true : false); $keepsession = ($v === "1" ? true : false);
return $keepsession; return $keepsession;
} }
} }
foreach ($info['post_data'] as $k => $v) { foreach ($info['post_data'] as $k => $v) {
if ($k === "keepsession") { if ($k === 'keepsession') {
$keepsession = ($v === "1" ? true : false); $keepsession = ($v === "1" ? true : false);
return $keepsession; return $keepsession;
} }
} }
foreach ($info['cookie_data'] as $k => $v) { foreach ($info['cookie_data'] as $k => $v) {
if ($k === "keepsession") { if ($k === 'keepsession') {
$keepsession = ($v === "1" ? true : false); $keepsession = ($v === "1" ? true : false);
return $keepsession; return $keepsession;
} }
@@ -66,7 +66,7 @@ function tryBase64Decode($arr) {
$new_arr = array(); $new_arr = array();
foreach ($arr as $k => $v) { foreach ($arr as $k => $v) {
$decoded_v = ""; $decoded_v = '';
if (isBase64Formatted($v)) { if (isBase64Formatted($v)) {
$decoded_v = base64_decode($v); $decoded_v = base64_decode($v);
$isChanged = 1; $isChanged = 1;
@@ -93,11 +93,11 @@ function isBase64Formatted($str) {
function encrypt($info) { function encrypt($info) {
if (ENCRYPT_ENABLE) { if (ENCRYPT_ENABLE) {
if (ENCRYPT_TYPE === "AES") { if (ENCRYPT_TYPE === 'AES') {
require_once("aes.php"); require_once('aes.php');
$info = AESEncryptCtr($info, ENCRYPT_PASS); $info = AESEncryptCtr($info, ENCRYPT_PASS);
} else { } else {
require_once("rc4.php"); require_once('rc4.php');
$info = base64_encode(rc4($info, ENCRYPT_PASS)); $info = base64_encode(rc4($info, ENCRYPT_PASS));
} }
} else } else
@@ -108,12 +108,12 @@ function encrypt($info) {
function decrypt($info) { function decrypt($info) {
if (ENCRYPT_ENABLE) { if (ENCRYPT_ENABLE) {
if (ENCRYPT_TYPE === "AES") { if (ENCRYPT_TYPE === 'AES') {
require_once("aes.php"); require_once("aes.php");
$info = AESDecryptCtr($info, ENCRYPT_PASS); $info = AESDecryptCtr($info, ENCRYPT_PASS);
} else { } else {
require_once("rc4.php"); require_once('rc4.php');
$info = rc4(base64_decode($info), ENCRYPT_PASS); $info = rc4(base64_decode($info), ENCRYPT_PASS);
} }
} else } else
@@ -145,7 +145,7 @@ function getRealIP(){
//基于Discuz X3.1 function_misc.php 函数已过滤,可直接输出 //基于Discuz X3.1 function_misc.php 函数已过滤,可直接输出
function convertIP($ip, $ipdatafile) { function convertIP($ip, $ipdatafile) {
$ipaddr = '未知'; $ipaddr = '未知';
if (preg_match("/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/", $ip)) { if (preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/', $ip)) {
$iparray = explode('.', $ip); $iparray = explode('.', $ip);
if ($iparray[0] == 10 || $iparray[0] == 127 || ($iparray[0] == 192 && $iparray[1] == 168) || ($iparray[0] == 172 && ($iparray[1] >= 16 && $iparray[1] <= 31))) { if ($iparray[0] == 10 || $iparray[0] == 127 || ($iparray[0] == 192 && $iparray[1] == 168) || ($iparray[0] == 172 && ($iparray[1] >= 16 && $iparray[1] <= 31))) {
$ipaddr = '局域网'; $ipaddr = '局域网';
@@ -278,12 +278,12 @@ function convertIP($ip, $ipdatafile) {
} }
fclose($fd); fclose($fd);
$ipAddr1 = iconv("gb18030", "utf-8//IGNORE", $ipAddr1); $ipAddr1 = iconv('gb18030', "utf-8//IGNORE", $ipAddr1);
if ($ipAddr2) { if ($ipAddr2) {
if (ord($ipAddr2{0}) == 2) if (ord($ipAddr2{0}) == 2)
$ipAddr2 = ""; $ipAddr2 = "";
else else
$ipAddr2 = iconv("gb18030", "utf-8//IGNORE", $ipAddr2); $ipAddr2 = iconv('gb18030', "utf-8//IGNORE", $ipAddr2);
} }
if (preg_match('/http/i', $ipAddr2)) { if (preg_match('/http/i', $ipAddr2)) {

16
index.php
View File

@@ -1,5 +1,5 @@
<?php <?php
define("IN_XSS_PLATFORM", true); define('IN_XSS_PLATFORM', true);
ignore_user_abort(true); ignore_user_abort(true);
error_reporting(0); error_reporting(0);
@@ -9,17 +9,17 @@ error_reporting(0);
if(count($_GET)==0&&count($_POST)==0&&count($_COOKIE)==0) if(count($_GET)==0&&count($_POST)==0&&count($_COOKIE)==0)
exit(); exit();
*/ */
header("Access-Control-Allow-Origin:*"); header('Access-Control-Allow-Origin: *');
require_once("functions.php"); require_once('functions.php');
require_once("dio.php"); require_once('dio.php');
$info = array(); $info = array();
$user_IP = getRealIP(); $user_IP = getRealIP();
$user_port = isset($_SERVER['REMOTE_PORT']) ? $_SERVER['REMOTE_PORT'] : "unknown"; $user_port = isset($_SERVER['REMOTE_PORT']) ? $_SERVER['REMOTE_PORT'] : 'unknown';
$protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : "unknown"; $protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'unknown';
$request_method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : "unknown"; $request_method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : 'unknown';
$request_URI = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : "unknown"; $request_URI = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : 'unknown';
$request_time = isset($_SERVER['REQUEST_TIME']) ? $_SERVER['REQUEST_TIME'] : time(); $request_time = isset($_SERVER['REQUEST_TIME']) ? $_SERVER['REQUEST_TIME'] : time();
$headers_data = getallheaders(); $headers_data = getallheaders();

18
install.php
View File

@@ -1,5 +1,5 @@
<?php <?php
define("IN_XSS_PLATFORM",true); define('IN_XSS_PLATFORM',true);
ignore_user_abort(true); ignore_user_abort(true);
//检测是否已经安装 //检测是否已经安装
@@ -304,8 +304,8 @@ function display_setup_form( $error = null ) {
<select name="encrypt_type" type="text" id="encrypt_type" size="1"> <select name="encrypt_type" type="text" id="encrypt_type" size="1">
<option value ="RC4" <?php if($encrypt_type==="RC4") echo 'selected="selected"';?> >RC4</option> <option value ="RC4" <?php if($encrypt_type==='RC4') echo 'selected="selected"';?> >RC4</option>
<option value ="AES" <?php if($encrypt_type!=="RC4") echo 'selected="selected"';?> >AES</option> <option value ="AES" <?php if($encrypt_type!=='RC4') echo 'selected="selected"';?> >AES</option>
</select> </select>
</td> </td>
@@ -447,12 +447,12 @@ function modifyJsDesc($path,$old_encrypt_enable,$old_encrypt_pass,$old_encrypt_t
//加密 //加密
function encrypt($info,$encrypt_enable,$encrypt_pass,$encrypt_type) { function encrypt($info,$encrypt_enable,$encrypt_pass,$encrypt_type) {
if($encrypt_enable) { if($encrypt_enable) {
if($encrypt_type==="AES") { if($encrypt_type==='AES') {
require_once("aes.php"); require_once('aes.php');
$info=AESEncryptCtr($info,$encrypt_pass); $info=AESEncryptCtr($info,$encrypt_pass);
} }
else { else {
require_once("rc4.php"); require_once('rc4.php');
$info=base64_encode( rc4($info,$encrypt_pass) ); $info=base64_encode( rc4($info,$encrypt_pass) );
} }
} }
@@ -465,13 +465,13 @@ function encrypt($info,$encrypt_enable,$encrypt_pass,$encrypt_type) {
//解密 //解密
function decrypt($info,$encrypt_enable,$encrypt_pass,$encrypt_type) { function decrypt($info,$encrypt_enable,$encrypt_pass,$encrypt_type) {
if($encrypt_enable) { if($encrypt_enable) {
if($encrypt_type==="AES") { if($encrypt_type==='AES') {
require_once("aes.php"); require_once('aes.php');
$info=AESDecryptCtr($info,$encrypt_pass); $info=AESDecryptCtr($info,$encrypt_pass);
} }
else { else {
require_once("rc4.php"); require_once('rc4.php');
$info=rc4(base64_decode($info),$encrypt_pass); $info=rc4(base64_decode($info),$encrypt_pass);
} }
} }

15
keepsession.php
View File

@@ -1,13 +1,14 @@
<?php <?php
define("IN_XSS_PLATFORM", true); define('IN_XSS_PLATFORM', true);
//很明显keepsession有SSRF问题一定要做好网络隔离或者自己加固一下代码
ignore_user_abort(); ignore_user_abort();
//Windows平台最好别设成0因为windows上lock没法实现非阻塞 //Windows平台最好别设成0因为windows上lock没法实现非阻塞
set_time_limit(0); set_time_limit(0);
require_once("load.php"); require_once('load.php');
require_once("functions.php"); require_once('functions.php');
require_once("dio.php"); require_once('dio.php');
if (KEEP_SESSION) { if (KEEP_SESSION) {
//利用非阻塞的flock实现单例运行 //利用非阻塞的flock实现单例运行
@@ -24,7 +25,7 @@ if (KEEP_SESSION) {
$url = getLocation($info); $url = getLocation($info);
$cookie = getCookie($info); $cookie = getCookie($info);
$useragent = "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2535.0 Safari/537.36"; $useragent = 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2535.0 Safari/537.36';
if (isset($info['headers_data']['User-Agent'])) if (isset($info['headers_data']['User-Agent']))
$useragent = $info['headers_data']['User-Agent']; $useragent = $info['headers_data']['User-Agent'];
@@ -60,7 +61,7 @@ if (KEEP_SESSION) {
function getCookie($info) function getCookie($info)
{ {
$cookie = ""; $cookie = '';
if (isset($info['decoded_get_data']['cookie']) && $info['decoded_get_data']['cookie'] != "") if (isset($info['decoded_get_data']['cookie']) && $info['decoded_get_data']['cookie'] != "")
$cookie = $info['decoded_get_data']['cookie']; $cookie = $info['decoded_get_data']['cookie'];
@@ -81,7 +82,7 @@ function getCookie($info)
function getLocation($info) function getLocation($info)
{ {
$location = ""; $location = '';
if (isset($info['decoded_get_data']['location']) && $info['decoded_get_data']['location'] != "") if (isset($info['decoded_get_data']['location']) && $info['decoded_get_data']['location'] != "")
$location = $info['decoded_get_data']['location']; $location = $info['decoded_get_data']['location'];

2
load.php
View File

@@ -3,6 +3,6 @@ if (file_exists('config.php')) {
require_once('config.php'); require_once('config.php');
} else { } else {
//缺少config文件转至install.php //缺少config文件转至install.php
header("Location: install.php"); header('Location: install.php');
exit(); exit();
} }

22
login.php
View File

@@ -1,20 +1,20 @@
<?php <?php
define("IN_XSS_PLATFORM", true); define('IN_XSS_PLATFORM', true);
require_once("functions.php"); require_once('functions.php');
require_once("dio.php"); require_once('dio.php');
//CSP开启 //CSP开启
require_once("waf.php"); require_once('waf.php');
//设置httponly //设置httponly
ini_set("session.cookie_httponly", 1); ini_set('session.cookie_httponly', 1);
session_start(); session_start();
//判断是否登陆 //判断是否登陆
if (isset($_SESSION['isLogin']) && $_SESSION['isLogin'] === true) { if (isset($_SESSION['isLogin']) && $_SESSION['isLogin'] === true) {
header("Location: admin.php"); header('Location: admin.php');
exit(); exit();
} }
@@ -32,7 +32,7 @@ if (!isset($forbiddenIPList[$ip]) || $forbiddenIPList[$ip] <= 5) {
unset($forbiddenIPList[$ip]); unset($forbiddenIPList[$ip]);
saveForbiddenIPList($forbiddenIPList); saveForbiddenIPList($forbiddenIPList);
} }
header("Location: admin.php"); header('Location: admin.php');
exit(); exit();
} else { } else {
if (isset($forbiddenIPList[$ip])) if (isset($forbiddenIPList[$ip]))
@@ -53,9 +53,9 @@ php -r '$salt="!KTMdg#^^I6Z!deIVR#SgpAI6qTN7oVl";$key="你的密码";$key=md5($s
*/ */
function checkPassword($p) { function checkPassword($p) {
if (isset($_POST['firesunCheck']) && isset($_SESSION['firesunCheck']) && $_SESSION['firesunCheck'] != "" && $_POST['firesunCheck'] === $_SESSION['firesunCheck']) { if (isset($_POST['firesunCheck']) && isset($_SESSION['firesunCheck']) && $_SESSION['firesunCheck'] != '' && $_POST['firesunCheck'] === $_SESSION['firesunCheck']) {
//改了这个盐记得改login.js里的两个要一致 //改了这个盐记得改login.js里的两个要一致
$salt = "!KTMdg#^^I6Z!deIVR#SgpAI6qTN7oVl"; $salt = '!KTMdg#^^I6Z!deIVR#SgpAI6qTN7oVl';
$key = PASS; $key = PASS;
$key = md5($salt . $key . $_SESSION['firesunCheck'] . $salt); $key = md5($salt . $key . $_SESSION['firesunCheck'] . $salt);
$key = md5($salt . $key . $_SESSION['firesunCheck'] . $salt); $key = md5($salt . $key . $_SESSION['firesunCheck'] . $salt);
@@ -67,8 +67,8 @@ function checkPassword($p) {
//生成挑战应答的随机值 //生成挑战应答的随机值
function generate_password($length = 32) { function generate_password($length = 32) {
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
$password = ""; $password = '';
for ($i = 0; $i < $length; $i++) for ($i = 0; $i < $length; $i++)
$password .= $chars[mt_rand(0, strlen($chars) - 1)]; $password .= $chars[mt_rand(0, strlen($chars) - 1)];
return $password; return $password;

6
logout.php
View File

@@ -1,9 +1,9 @@
<?php <?php
session_start(); session_start();
$_SESSION['isLogin'] = false; $_SESSION['isLogin'] = false;
$_SESSION['user_IP'] = ""; $_SESSION['user_IP'] = '';
$_SESSION['user_agent'] = ""; $_SESSION['user_agent'] = '';
session_unset(); session_unset();
session_destroy(); session_destroy();
header("Location: login.php"); header('Location: login.php');
exit(); exit();

16
mail.php
View File

@@ -3,15 +3,15 @@ if (!defined('IN_XSS_PLATFORM')) {
exit('Access Denied'); exit('Access Denied');
} }
require_once("PHPMailer/PHPMailerAutoload.php"); require_once('PHPMailer/PHPMailerAutoload.php');
require_once("load.php"); require_once('load.php');
function send_mail($xss_record_json) { function send_mail($xss_record_json) {
$subject = "GET:" . count($xss_record_json['get_data']) . "个 POST:" . count($xss_record_json['post_data']) . "个 Cookie:" . count($xss_record_json['cookie_data']) . ""; $subject = 'GET:' . count($xss_record_json['get_data']) . '个 POST:' . count($xss_record_json['post_data']) . '个 Cookie:' . count($xss_record_json['cookie_data']) . '个';
$body = json_encode($xss_record_json, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT); $body = json_encode($xss_record_json, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
$body = str_replace("\n", "<br/>", $body); $body = str_replace('\n', '<br/>', $body);
$body = str_replace(" ", "&nbsp;", $body); $body = str_replace(' ', '&nbsp;', $body);
$mail = new PHPMailer(); //实例化 $mail = new PHPMailer(); //实例化
$mail->isSendmail(); $mail->isSendmail();
@@ -21,15 +21,15 @@ function send_mail($xss_record_json) {
$mail->Port = SMTP_PORT; //邮件发送端口 $mail->Port = SMTP_PORT; //邮件发送端口
$mail->SMTPAuth = true; //启用SMTP认证 $mail->SMTPAuth = true; //启用SMTP认证
$mail->SMTPSecure = SMTP_SECURE; $mail->SMTPSecure = SMTP_SECURE;
$mail->CharSet = "UTF-8"; //字符集 $mail->CharSet = 'UTF-8'; //字符集
$mail->Encoding = "base64"; //编码方式 $mail->Encoding = 'base64'; //编码方式
$mail->Username = MAIL_USER; //你的邮箱 $mail->Username = MAIL_USER; //你的邮箱
$mail->Password = MAIL_PASS; //你的密码 $mail->Password = MAIL_PASS; //你的密码
$mail->Subject = $subject; //邮件标题 $mail->Subject = $subject; //邮件标题
$mail->From = MAIL_FROM; //发件人地址(也就是你的邮箱) $mail->From = MAIL_FROM; //发件人地址(也就是你的邮箱)
$mail->FromName = "通知"; //发件人姓名 $mail->FromName = '通知'; //发件人姓名
$mail->AddAddress(MAIL_RECV); //添加收件人(地址,昵称) $mail->AddAddress(MAIL_RECV); //添加收件人(地址,昵称)

BIN
qqwry.dat
View File

Binary file not shown.

4
waf.php
View File

@@ -1,7 +1,5 @@
<?php <?php
header("Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-src 'none'"); header("Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-src 'none'");
header("X-Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-src 'none'");
header("X-WebKit-CSP: default-src 'self'; style-src 'self' 'unsafe-inline';img-src 'self' data:; frame-src 'none'");
header("X-XSS-Protection: 1; mode=block"); header("X-XSS-Protection: 1; mode=block");
header("X-Content-Type-Options: nosniff"); header("X-Content-Type-Options: nosniff");
header("X-Frame-Options: DENY"); header("X-Frame-Options: DENY");