firesunCN/BlueLotus_XSSReceiver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Version 3.3.1

Browse Source 
代码格式化
This commit is contained in:
firesun
2016-01-28 11:27:27 +08:00
parent 03a2e79acf
commit 833ee3844f
9 changed files with 53 additions and 99 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
aes.php
View File

@@ -22,8 +22,7 @@ if (!defined('IN_XSS_PLATFORM')) {
* generated from the cipher key by KeyExpansion()
* @return ciphertext as byte-array (16 bytes)
*/
function Cipher($input, $w) // main Cipher function [§5.1]
{
function Cipher($input, $w) {// main Cipher function [§5.1]
$Nb = 4; // block size (in words): no of columns in state (fixed at 4 for AES)
$Nr = count($w) / $Nb - 1; // no of rounds: 10/12/14 for 128/192/256-bit keys
@@ -53,8 +52,7 @@ function Cipher($input, $w) // main Cipher function [§5.1]
}
function AddRoundKey($state, $w, $rnd, $Nb) // xor Round Key into state S [§5.1.4]
{
function AddRoundKey($state, $w, $rnd, $Nb) {// xor Round Key into state S [§5.1.4]
for ($r = 0; $r < 4; $r++) {
for ($c = 0; $c < $Nb; $c++)
$state[$r][$c] ^= $w[$rnd * 4 + $c][$r];
@@ -62,8 +60,7 @@ function AddRoundKey($state, $w, $rnd, $Nb) // xor Round Key into state S [§5.1
return $state;
}
function SubBytes($s, $Nb) // apply SBox to state S [§5.1.1]
{
function SubBytes($s, $Nb) {// apply SBox to state S [§5.1.1]
global $Sbox; // PHP needs explicit declaration to access global variables!
for ($r = 0; $r < 4; $r++) {
for ($c = 0; $c < $Nb; $c++)
@@ -72,8 +69,7 @@ function SubBytes($s, $Nb) // apply SBox to state S [§5.1.1]
return $s;
}
function ShiftRows($s, $Nb) // shift row r of state S left by r bytes [§5.1.2]
{
function ShiftRows($s, $Nb) {// shift row r of state S left by r bytes [§5.1.2]
$t = array(
4
);
@@ -86,8 +82,7 @@ function ShiftRows($s, $Nb) // shift row r of state S left by r bytes [§5.1.2]
return $s; // see fp.gladman.plus.com/cryptography_technology/rijndael/aes.spec.311.pdf
}
function MixColumns($s, $Nb) // combine bytes of each col of state S [§5.1.3]
{
function MixColumns($s, $Nb) {// combine bytes of each col of state S [§5.1.3]
for ($c = 0; $c < 4; $c++) {
$a = array(
4
@@ -115,8 +110,7 @@ function MixColumns($s, $Nb) // combine bytes of each col of state S [§5.1.3]
* @param key cipher key byte-array (16 bytes)
* @return key schedule as 2D byte-array (Nr+1 x Nb bytes)
*/
function KeyExpansion($key) // generate Key Schedule from Cipher Key [§5.2]
{
function KeyExpansion($key) {// generate Key Schedule from Cipher Key [§5.2]
global $Rcon; // PHP needs explicit declaration to access global variables!
$Nb = 4; // block size (in words): no of columns in state (fixed at 4 for AES)
$Nk = count($key) / 4; // key length (in words): 4/6/8 for 128/192/256-bit keys
@@ -152,16 +146,14 @@ function KeyExpansion($key) // generate Key Schedule from Cipher Key [§5.2]
return $w;
}
function SubWord($w) // apply SBox to 4-byte word w
{
function SubWord($w) {// apply SBox to 4-byte word w
global $Sbox; // PHP needs explicit declaration to access global variables!
for ($i = 0; $i < 4; $i++)
$w[$i] = $Sbox[$w[$i]];
return $w;
}
function RotWord($w) // rotate 4-byte word w left by one byte
{
function RotWord($w) {// rotate 4-byte word w left by one byte
$w[4] = $w[0];
for ($i = 0; $i < 4; $i++)
$w[$i] = $w[$i + 1];
@@ -213,8 +205,7 @@ $Rcon = array( array(0x00, 0x00, 0x00, 0x00),
* @param nBits number of bits to be used in the key (128, 192, or 256)
* @return encrypted text
*/
function AESEncryptCtr($plaintext, $password = "blue-lotus", $nBits = 128)
{
function AESEncryptCtr($plaintext, $password = "blue-lotus", $nBits = 128) {
$blockSize = 16; // block size fixed at 16 bytes / 128 bits (Nb=4) for AES
if (!($nBits == 128 || $nBits == 192 || $nBits == 256))
return ''; // standard allows 128/192/256 bit keys
@@ -287,8 +278,7 @@ function AESEncryptCtr($plaintext, $password = "blue-lotus", $nBits = 128)
* @param nBits number of bits to be used in the key (128, 192, or 256)
* @return decrypted text
*/
function AESDecryptCtr($ciphertext, $password = "blue-lotus", $nBits = 128)
{
function AESDecryptCtr($ciphertext, $password = "blue-lotus", $nBits = 128) {
$blockSize = 16; // block size fixed at 16 bytes / 128 bits (Nb=4) for AES
if (!($nBits == 128 || $nBits == 192 || $nBits == 256))
return ''; // standard allows 128/192/256 bit keys
@@ -354,8 +344,7 @@ function AESDecryptCtr($ciphertext, $password = "blue-lotus", $nBits = 128)
* @param b number of bits to shift a to the right (0..31)
* @return a right-shifted and zero-filled by b bits
*/
function urs($a, $b)
{
function urs($a, $b) {
$a &= 0xffffffff;
$b &= 0x1f; // (bounds check)
if ($a & 0x80000000 && $b > 0) { // if left-most bit set

10
api.php
View File

@@ -185,8 +185,7 @@ else if (isset($_GET['my_js_cmd'])) {
echo json_encode(false);
function xss_record_id_list()
{
function xss_record_id_list() {
$files = glob(DATA_PATH . '/*.php');
$list = array();
foreach ($files as $file) {
@@ -197,8 +196,7 @@ function xss_record_id_list()
return $list;
}
function xss_record_detail_list()
{
function xss_record_detail_list() {
$list = array();
$files = glob(DATA_PATH . '/*.php');
arsort($files);
@@ -226,8 +224,7 @@ function xss_record_detail_list()
}
//获取js的名字与描述列表
function js_name_and_desc_list($path)
{
function js_name_and_desc_list($path) {
$list = array();
$files = glob($path . '/*.js');
arsort($files);
@@ -258,6 +255,5 @@ function js_name_and_desc_list($path)
$list[] = $item;
}
return $list;
}

23
change_encrypt_pass.php
View File

@@ -29,22 +29,20 @@ if ($argv[1] === "update")
else
change_pass($argv[1], $argv[2], $argv[3], $argv[4], $argv[5], $argv[6]);
function update_from_old_version($old_encrypt_enable, $old_encrypt_pass)
{
function update_from_old_version($old_encrypt_enable, $old_encrypt_pass) {
//如果从旧版本升级就统一先切换为RC4密码bluelotus
modify_ForbiddenIPList($old_encrypt_enable, $old_encrypt_pass, "AES", "true", "bluelotus", "RC4");
modify_xss_record($old_encrypt_enable, $old_encrypt_pass, "AES", "true", "bluelotus", "RC4");
}
function change_pass($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type)
{
function change_pass($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type) {
modify_ForbiddenIPList($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type);
modify_xss_record($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type);
modify_js_desc(MY_JS_PATH, $old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type);
modify_js_desc(JS_TEMPLATE_PATH, $old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type);
}
function modify_ForbiddenIPList($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type)
{
function modify_ForbiddenIPList($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type) {
$logfile = DATA_PATH . '/forbiddenIPList.dat';
$str = @file_get_contents($logfile);
@@ -60,8 +58,7 @@ function modify_ForbiddenIPList($old_encrypt_enable, $old_encrypt_pass, $old_enc
echo "修改封禁ip失败可能是没有权限chmod 777\n";
}
function modify_xss_record($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type)
{
function modify_xss_record($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type) {
$files = glob(DATA_PATH . '/*.php');
foreach ($files as $file) {
@@ -85,8 +82,8 @@ function modify_xss_record($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_
}
}
}
function modify_js_desc($path, $old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type)
{
function modify_js_desc($path, $old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type) {
$files = glob($path . '/*.js');
foreach ($files as $file) {
//由于可能有中文名,故使用正则来提取文件名
@@ -109,8 +106,7 @@ function modify_js_desc($path, $old_encrypt_enable, $old_encrypt_pass, $old_encr
}
}
function encrypt($info, $encrypt_enable, $encrypt_pass, $encrypt_type)
{
function encrypt($info, $encrypt_enable, $encrypt_pass, $encrypt_type) {
if ($encrypt_enable) {
if ($encrypt_type === "AES") {
require_once("aes.php");
@@ -125,8 +121,7 @@ function encrypt($info, $encrypt_enable, $encrypt_pass, $encrypt_type)
return $info;
}
function decrypt($info, $encrypt_enable, $encrypt_pass, $encrypt_type)
{
function decrypt($info, $encrypt_enable, $encrypt_pass, $encrypt_type) {
if ($encrypt_enable) {
if ($encrypt_type === "AES") {
require_once("aes.php");

27
dio.php
View File

@@ -6,8 +6,7 @@ require_once("load.php");
require_once("functions.php");
//对记录的读写操作无数据库采用读写文件的方式文件名即请求时的时间戳同时也是记录的id
function save_xss_record($info, $filename)
{
function save_xss_record($info, $filename) {
$logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php';
!file_exists($logFile) && @touch($logFile);
@@ -19,8 +18,7 @@ function save_xss_record($info, $filename)
return true;
}
function load_xss_record($filename)
{
function load_xss_record($filename) {
if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) {
$logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php';
if (!file_exists($logFile))
@@ -64,8 +62,7 @@ function load_xss_record($filename)
return false;
}
function delete_xss_record($filename)
{
function delete_xss_record($filename) {
if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) {
$logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php';
return unlink($logFile);
@@ -73,8 +70,7 @@ function delete_xss_record($filename)
return false;
}
function clear_xss_record()
{
function clear_xss_record() {
$files = glob(DATA_PATH . '/*.php');
foreach ($files as $file) {
@@ -83,8 +79,7 @@ function clear_xss_record()
return true;
}
function load_js_content($path, $filename)
{
function load_js_content($path, $filename) {
if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) {
$file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.js';
if (!file_exists($file))
@@ -98,8 +93,7 @@ function load_js_content($path, $filename)
return false;
}
function delete_js($path, $filename)
{
function delete_js($path, $filename) {
if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) {
$file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc';
unlink($file);
@@ -110,8 +104,7 @@ function delete_js($path, $filename)
}
function clear_js($path)
{
function clear_js($path) {
$files = glob($path . '/*.desc');
foreach ($files as $file) {
unlink($file);
@@ -124,8 +117,7 @@ function clear_js($path)
return true;
}
function save_js_content($path, $content, $filename)
{
function save_js_content($path, $content, $filename) {
$file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.js';
!file_exists($file) && @touch($file);
@@ -135,8 +127,7 @@ function save_js_content($path, $content, $filename)
return true;
}
function save_js_desc($path, $desc, $filename)
{
function save_js_desc($path, $desc, $filename) {
$file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc';
!file_exists($file) && @touch($file);

27
functions.php
View File

@@ -7,8 +7,7 @@ require_once("load.php");
//nginx无getallheaders函数
if (!function_exists('getallheaders')) {
function getallheaders()
{
function getallheaders() {
foreach ($_SERVER as $name => $value) {
if (substr($name, 0, 5) == 'HTTP_') {
$headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
@@ -19,8 +18,7 @@ if (!function_exists('getallheaders')) {
}
//判断该记录是否
function isKeepSession($info)
{
function isKeepSession($info) {
$keepsession = false;
foreach ($info['get_data'] as $k => $v) {
@@ -47,15 +45,13 @@ function isKeepSession($info)
}
//xss过滤
function stripStr($str)
{
function stripStr($str) {
if (get_magic_quotes_gpc())
$str = stripslashes($str);
return addslashes(htmlspecialchars($str, ENT_QUOTES, 'UTF-8'));
}
function stripArr($arr)
{
function stripArr($arr) {
$new_arr = array();
foreach ($arr as $k => $v) {
$new_arr[stripStr($k)] = stripStr($v);
@@ -64,8 +60,7 @@ function stripArr($arr)
}
//尝试base64解码
function tryBase64Decode($arr)
{
function tryBase64Decode($arr) {
if (isset($arr) && count($arr) > 0) {
$isChanged = 0;
@@ -88,8 +83,7 @@ function tryBase64Decode($arr)
}
//判断string是否为base64编码判断方法解码后为可见字符串
function isBase64Formatted($str)
{
function isBase64Formatted($str) {
if (preg_match('/^[A-Za-z0-9+\/=]+$/', $str))
if ($str == base64_encode(base64_decode($str)))
if (preg_match('/^[A-Za-z0-9\x00-\x80~!@#$%&_+-=:";\'<>,\/"\[\]\\\^\.\|\?\*\+\(\)\{\}\s]+$/', base64_decode($str)))
@@ -97,8 +91,7 @@ function isBase64Formatted($str)
return false;
}
function encrypt($info)
{
function encrypt($info) {
if (ENCRYPT_ENABLE) {
if (ENCRYPT_TYPE === "AES") {
require_once("aes.php");
@@ -113,8 +106,7 @@ function encrypt($info)
return $info;
}
function decrypt($info)
{
function decrypt($info) {
if (ENCRYPT_ENABLE) {
if (ENCRYPT_TYPE === "AES") {
require_once("aes.php");
@@ -130,8 +122,7 @@ function decrypt($info)
}
//基于Discuz X3.1 function_misc.php
function convertip($ip, $ipdatafile)
{
function convertip($ip, $ipdatafile) {
$ipaddr = '未知';
if (preg_match("/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/", $ip)) {
$iparray = explode('.', $ip);

14
install.php
View File

@@ -7,6 +7,7 @@ if ( file_exists('config.php') ) {
display_header();
@unlink($_SERVER['SCRIPT_FILENAME']);
@unlink('config-sample.php');
die( '<h1>已安装</h1><p>请勿重复安装!</p><p class="step"><a href="login.php" class="button button-large">登录</a></p></body></html>' );
}
@@ -195,7 +196,7 @@ CONFIG;
}
function display_header( ) {
function display_header() {
?>
<!DOCTYPE html>
@@ -395,15 +396,14 @@ function display_setup_form( $error = null ) {
} // end display_setup_form()
//xss过滤
function stripStr($str){
function stripStr($str) {
if(get_magic_quotes_gpc())
$str=stripslashes($str);
return htmlspecialchars($str,ENT_QUOTES,'UTF-8');
}
//js描述重加密
function modify_js_desc($path,$old_encrypt_enable,$old_encrypt_pass,$old_encrypt_type,$new_encrypt_enable,$new_encrypt_pass, $new_encrypt_type)
{
function modify_js_desc($path,$old_encrypt_enable,$old_encrypt_pass,$old_encrypt_type,$new_encrypt_enable,$new_encrypt_pass, $new_encrypt_type) {
$files = glob($path . '/*.js');
foreach ($files as $file){
//由于可能有中文名,故使用正则来提取文件名
@@ -425,8 +425,7 @@ function modify_js_desc($path,$old_encrypt_enable,$old_encrypt_pass,$old_encrypt
}
//加密
function encrypt($info,$encrypt_enable,$encrypt_pass,$encrypt_type)
{
function encrypt($info,$encrypt_enable,$encrypt_pass,$encrypt_type) {
if($encrypt_enable) {
if($encrypt_type==="AES") {
require_once("aes.php");
@@ -444,8 +443,7 @@ function encrypt($info,$encrypt_enable,$encrypt_pass,$encrypt_type)
}
//解密
function decrypt($info,$encrypt_enable,$encrypt_pass,$encrypt_type)
{
function decrypt($info,$encrypt_enable,$encrypt_pass,$encrypt_type) {
if($encrypt_enable) {
if($encrypt_type==="AES") {
require_once("aes.php");

12
login.php
View File

@@ -48,8 +48,7 @@ if (!isset($forbiddenIPList[$ip]) || $forbiddenIPList[$ip] <= 5) {
} else
$is_pass_wrong = true;
function loadForbiddenIPList()
{
function loadForbiddenIPList() {
$logfile = DATA_PATH . '/forbiddenIPList.dat';
!file_exists($logfile) && @touch($logfile);
$str = @file_get_contents($logfile);
@@ -69,8 +68,7 @@ function loadForbiddenIPList()
return array();
}
function saveForbiddenIPList($forbiddenIPList)
{
function saveForbiddenIPList($forbiddenIPList) {
$logfile = DATA_PATH . '/forbiddenIPList.dat';
!file_exists($logfile) && @touch($logfile);
$str = json_encode($forbiddenIPList);
@@ -82,8 +80,7 @@ function saveForbiddenIPList($forbiddenIPList)
生成密码
php -r "$salt='!KTMdg#^^I6Z!deIVR#SgpAI6qTN7oVl';$key='bluelotus';$key=md5($salt.$key.$salt);$key=md5($salt.$key.$salt);$key=md5($salt.$key.$salt);echo $key;"
*/
function checkPassword($p)
{
function checkPassword($p) {
if (isset($_POST['firesunCheck']) && isset($_SESSION['firesunCheck']) && $_SESSION['firesunCheck'] != "" && $_POST['firesunCheck'] === $_SESSION['firesunCheck']) {
//改了这个盐记得改login.js里的两个要一致
$salt = "!KTMdg#^^I6Z!deIVR#SgpAI6qTN7oVl";
@@ -97,8 +94,7 @@ function checkPassword($p)
}
//生成挑战应答的随机值
function generate_password($length = 32)
{
function generate_password($length = 32) {
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$password = "";
for ($i = 0; $i < $length; $i++)

3
mail.php
View File

@@ -6,8 +6,7 @@ if (!defined('IN_XSS_PLATFORM')) {
require_once("PHPMailer/PHPMailerAutoload.php");
require_once("load.php");
function send_mail($xss_record_json)
{
function send_mail($xss_record_json) {
$subject = "GET:" . count($xss_record_json['get_data']) . "个 POST:" . count($xss_record_json['post_data']) . "个 Cookie:" . count($xss_record_json['cookie_data']) . "";
$body = json_encode($xss_record_json, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);

3
rc4.php
View File

@@ -30,8 +30,7 @@ if (!defined('IN_XSS_PLATFORM')) {
* @return the result of the RC4 as a binary string
* @author Michael Cutler <m@cotdp.com>
*/
function rc4($data_str, $key_str)
{
function rc4($data_str, $key_str) {
// convert input string(s) to array(s)
$key = array();
$data = array();