firesunCN/BlueLotus_XSSReceiver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Version 3.3.5

Browse Source 
除了install与change_encrypt_pass操作以外,所有io操作移至dio.php
This commit is contained in:
firesun
2016-01-30 16:36:36 +08:00
parent 04081b8d2b
commit 8f507e8ea1
3 changed files with 271 additions and 256 deletions
Download Patch File Download Diff File Expand all files Collapse all files

167
api.php
View File

@@ -6,27 +6,22 @@ require_once("functions.php");
require_once("dio.php");
header('Content-Type: application/json');
//时间戳的正则表达式
define('ID_REGEX', '/^[0-9]{10}$/');
//合法文件名的正则表达式
define('FILE_REGEX', '/(?!((^(con)$)|^(con)\..*|(^(prn)$)|^(prn)\..*|(^(aux)$)|^(aux)\..*|(^(nul)$)|^(nul)\..*|(^(com)[1-9]$)|^(com)[1-9]\..*|(^(lpt)[1-9]$)|^(lpt)[1-9]\..*)|^\s+|.*\s$)(^[^\/\\\:\*\?\"\<\>\|]{1,255}$)/');
//与xss记录相关api
if ( isset( $_GET['cmd'] ) ) {
switch ( $_GET['cmd'] ) {
//获取所有记录包括详细信息
case 'list':
echo json_encode(xss_record_detail_list());
echo json_encode( list_xss_record_detail() );
break;
//只获取时间戳索引id
case 'id_list':
echo json_encode(xss_record_id_list());
echo json_encode( list_xss_record_id() );
break;
//根据时间戳索引id获得单条信息
case 'get':
if (isset($_GET['id']) && preg_match(ID_REGEX, $_GET['id']))
if ( isset( $_GET['id'] ) )
echo json_encode( load_xss_record( $_GET['id'] ) );
else
echo json_encode( false );
@@ -34,7 +29,7 @@ if (isset($_GET['cmd'])) {
//根据时间戳索引id删除单条信息
case 'del':
if (isset($_GET['id']) && preg_match(ID_REGEX, $_GET['id']))
if ( isset( $_GET['id'] ) )
echo json_encode( delete_xss_record( $_GET['id'] ) );
else
echo json_encode( false );
@@ -54,45 +49,43 @@ else if (isset($_GET['js_template_cmd'])) {
switch ( $_GET['js_template_cmd'] ) {
//获取所有js模板的名字与描述
case 'list':
echo json_encode(js_name_and_desc_list(JS_TEMPLATE_PATH));
echo json_encode( list_js_name_and_desc( JS_TEMPLATE_PATH ) );
break;
//添加js模板
case 'add':
if (isset($_POST['name']) && isset($_POST['desc']) && isset($_POST['content']) && preg_match(FILE_REGEX, $_POST['name'])) {
if (!is_writable(JS_TEMPLATE_PATH))
echo json_encode(false);
else {
save_js_desc(JS_TEMPLATE_PATH, $_POST['desc'], $_POST['name']);
save_js_content(JS_TEMPLATE_PATH, $_POST['content'], $_POST['name']);
echo json_encode(true);
if ( isset( $_POST['name'] ) && isset( $_POST['desc'] ) && isset( $_POST['content'] ) ) {
$result = save_js_desc( JS_TEMPLATE_PATH, $_POST['desc'], $_POST['name'] )
&& save_js_content( JS_TEMPLATE_PATH, $_POST['content'], $_POST['name'] );
echo json_encode( $result );
}
} else
else
echo json_encode( false );
break;
//修改js模板
case 'modify':
if (isset($_POST['old_name']) && isset($_POST['name']) && isset($_POST['desc']) && isset($_POST['content']) && preg_match(FILE_REGEX, $_POST['old_name']) && preg_match(FILE_REGEX, $_POST['name'])) {
if (!is_writable(JS_TEMPLATE_PATH))
echo json_encode(false);
else {
if ( isset( $_POST['old_name'] ) && isset( $_POST['name'] ) && isset( $_POST['desc'] ) && isset( $_POST['content'] ) ) {
$result = true;
if ( $_POST['old_name'] != $_POST['name'] )
delete_js(JS_TEMPLATE_PATH, $_POST['old_name']);
$result = delete_js( JS_TEMPLATE_PATH, $_POST['old_name'] );
save_js_desc(JS_TEMPLATE_PATH, $_POST['desc'], $_POST['name']);
save_js_content(JS_TEMPLATE_PATH, $_POST['content'], $_POST['name']);
echo json_encode(true);
if( $result ) {
$result = save_js_desc( JS_TEMPLATE_PATH, $_POST['desc'], $_POST['name'] )
&& save_js_content( JS_TEMPLATE_PATH, $_POST['content'], $_POST['name'] );
}
} else
echo json_encode( $result );
}
else
echo json_encode( false );
break;
//获取某一js模板的内容
case 'get':
if (isset($_GET['name']) && preg_match(FILE_REGEX, $_GET['name']))
if ( isset( $_GET['name'] ) )
echo json_encode( load_js_content( JS_TEMPLATE_PATH, $_GET['name'] ) );
else
echo json_encode( false );
@@ -100,7 +93,7 @@ else if (isset($_GET['js_template_cmd'])) {
//删除js模板
case 'del':
if (isset($_GET['name']) && preg_match(FILE_REGEX, $_GET['name']))
if ( isset( $_GET['name'] ) )
echo json_encode( delete_js( JS_TEMPLATE_PATH, $_GET['name'] ) );
else
echo json_encode( false );
@@ -120,46 +113,41 @@ else if (isset($_GET['my_js_cmd'])) {
switch ( $_GET['my_js_cmd'] ) {
//获取所有我的js的名字与描述
case 'list':
echo json_encode(js_name_and_desc_list(MY_JS_PATH));
echo json_encode( list_js_name_and_desc( MY_JS_PATH ) );
break;
//添加js模板
case 'add':
if (isset($_POST['name']) && isset($_POST['desc']) && isset($_POST['content']) && preg_match(FILE_REGEX, $_POST['name'])) {
if (!is_writable(MY_JS_PATH))
echo json_encode(false);
else {
save_js_desc(MY_JS_PATH, $_POST['desc'], $_POST['name']);
save_js_content(MY_JS_PATH, $_POST['content'], $_POST['name']);
echo json_encode(true);
if ( isset( $_POST['name'] ) && isset( $_POST['desc'] ) && isset( $_POST['content'] ) ) {
$result = save_js_desc( MY_JS_PATH, $_POST['desc'], $_POST['name'] )
&& save_js_content( MY_JS_PATH, $_POST['content'], $_POST['name'] );
echo json_encode( $result );
}
} else
else
echo json_encode( false );
break;
//修改js模板
case 'modify':
if (isset($_POST['old_name']) && isset($_POST['name']) && isset($_POST['desc']) && isset($_POST['content']) && preg_match(FILE_REGEX, $_POST['old_name']) && preg_match(FILE_REGEX, $_POST['name'])) {
if (!is_writable(MY_JS_PATH))
echo json_encode(false);
else {
if ( isset( $_POST['old_name'] ) && isset( $_POST['name'] ) && isset( $_POST['desc'] ) && isset( $_POST['content'] ) ) {
$result = true;
if ( $_POST['old_name'] != $_POST['name'] )
delete_js(MY_JS_PATH, $_POST['old_name']);
save_js_desc(MY_JS_PATH, $_POST['desc'], $_POST['name']);
save_js_content(MY_JS_PATH, $_POST['content'], $_POST['name']);
echo json_encode(true);
$result = delete_js( MY_JS_PATH, $_POST['old_name'] );
if( $result ) {
$result = save_js_desc( MY_JS_PATH, $_POST['desc'], $_POST['name'] )
&& save_js_content( MY_JS_PATH, $_POST['content'], $_POST['name'] );
}
} else
echo json_encode( $result );
}
else
echo json_encode( false );
break;
//获取某一js模板的内容
case 'get':
if (isset($_GET['name']) && preg_match(FILE_REGEX, $_GET['name']))
if ( isset( $_GET['name'] ) )
echo json_encode( load_js_content( MY_JS_PATH, $_GET['name'] ) );
else
echo json_encode( false );
@@ -167,7 +155,7 @@ else if (isset($_GET['my_js_cmd'])) {
//删除js模板
case 'del':
if (isset($_GET['name']) && preg_match(FILE_REGEX, $_GET['name']))
if ( isset( $_GET['name'] ) )
echo json_encode( delete_js( MY_JS_PATH, $_GET['name'] ) );
else
echo json_encode( false );
@@ -181,79 +169,6 @@ else if (isset($_GET['my_js_cmd'])) {
default:
echo json_encode( false );
}
} else
}
else
echo json_encode( false );
function xss_record_id_list() {
$files = glob(DATA_PATH . '/*.php');
$list = array();
foreach ($files as $file) {
$filename = basename($file, ".php");
if (preg_match(ID_REGEX, $filename))
$list[] = $filename;
}
return $list;
}
function xss_record_detail_list() {
$list = array();
$files = glob(DATA_PATH . '/*.php');
arsort($files);
foreach ($files as $file) {
$filename = basename($file, ".php");
if (preg_match(ID_REGEX, $filename)) {
$info = load_xss_record($filename);
if ($info === false)
continue;
$isChange = false;
//如果没有设置location就查询qqwry.dat判断location
if (!isset($info['location'])) {
$info['location'] = stripStr(convertip($info['user_IP'], IPDATA_PATH));
$isChange = true;
}
if ($isChange)
save_xss_record(json_encode($info), $filename);
$list[] = $info;
}
}
return $list;
}
//获取js的名字与描述列表
function js_name_and_desc_list($path) {
$list = array();
$files = glob($path . '/*.js');
arsort($files);
foreach ($files as $file) {
//由于可能有中文名,故使用正则来提取文件名
$item = array();
$item['js_uri'] = $file;
$filename = preg_replace('/^.+[\\\\\\/]/', '', $file);
$filename = substr($filename, 0, strlen($filename) - 3);
$item['js_name'] = $filename;
$item['js_name_abbr'] = stripStr($filename);
$result = @file_get_contents(dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc');
$result = $result ? $result : "";
$result = decrypt($result);
if (json_encode($result) === false)
$result = "加密密码不符,无法获得描述";
$item['js_description'] = $result;
$item['js_description_abbr'] = stripStr($result);
//特别注意只有js_name_abbrjs_description_abbr经过stripStr处理
$list[] = $item;
}
return $list;
}

171
dio.php
View File

@@ -5,25 +5,30 @@ if (!defined('IN_XSS_PLATFORM')) {
require_once("load.php");
require_once("functions.php");
//时间戳的正则表达式
define('ID_REGEX', '/^[0-9]{10}$/');
//合法文件名的正则表达式
define('FILE_REGEX', '/(?!((^(con)$)|^(con)\..*|(^(prn)$)|^(prn)\..*|(^(aux)$)|^(aux)\..*|(^(nul)$)|^(nul)\..*|(^(com)[1-9]$)|^(com)[1-9]\..*|(^(lpt)[1-9]$)|^(lpt)[1-9]\..*)|^\s+|.*\s$)(^[^\/\\\:\*\?\"\<\>\|]{1,255}$)/');
//对记录的读写操作无数据库采用读写文件的方式文件名即请求时的时间戳同时也是记录的id
function save_xss_record($info, $filename) {
$logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php';
!file_exists($logFile) && @touch($logFile);
function save_xss_record( $info, $id ) {
$xss_record_file = dirname(__FILE__) . '/' . DATA_PATH . '/' . $id . '.php';
$info = encrypt( $info );
if (file_put_contents($logFile, '<?php exit();?>' . $info) === false)
if ( file_put_contents( $xss_record_file, '<?php exit();?>' . $info ) === false )
return false;
else
return true;
}
function load_xss_record($filename) {
if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) {
$logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php';
if (!file_exists($logFile))
//读取某一时间戳的xss记录
function load_xss_record( $id ) {
if ( preg_match( ID_REGEX, $id ) ) {
$xss_record_file = dirname(__FILE__) . '/' . DATA_PATH . '/' . $id . '.php';
if ( !file_exists( $xss_record_file ) )
return false;
$info = @file_get_contents($logFile);
$info = @file_get_contents( $xss_record_file );
if ( $info === false )
return false;
@@ -55,21 +60,25 @@ function load_xss_record($filename) {
}
if ( $isChange )
save_xss_record(json_encode($info), $filename);
save_xss_record( json_encode( $info ), $id );
return $info;
} else
}
else
return false;
}
function delete_xss_record($filename) {
if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) {
$logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php';
return unlink($logFile);
} else
//删除某一时间戳的xss记录
function delete_xss_record( $id ) {
if ( preg_match( ID_REGEX, $_GET['id'] ) ) {
$xss_record_file = dirname(__FILE__) . '/' . DATA_PATH . '/' . $id . '.php';
return unlink( $xss_record_file );
}
else
return false;
}
//清空xss记录
function clear_xss_record() {
$files = glob( DATA_PATH . '/*.php' );
@@ -79,8 +88,49 @@ function clear_xss_record() {
return true;
}
//获取xss记录时间戳列表
function list_xss_record_id() {
$files = glob( DATA_PATH . '/*.php' );
$list = array();
foreach ( $files as $file ) {
$filename = basename( $file, ".php" );
if ( preg_match( ID_REGEX, $filename ) )
$list[] = $filename;
}
return $list;
}
//获取所有xss记录
function list_xss_record_detail() {
$list = array();
$files = glob( DATA_PATH . '/*.php' );
arsort( $files );
foreach ( $files as $file ) {
$filename = basename( $file, ".php" );
$info = load_xss_record( $filename );
if ( $info === false )
continue;
$isChange = false;
//如果没有设置location就查询qqwry.dat判断location
if ( !isset( $info['location'] ) ) {
$info['location'] = stripStr( convertip( $info['user_IP'], IPDATA_PATH ) );
$isChange = true;
}
if ( $isChange )
save_xss_record( json_encode( $info ), $filename );
$list[] = $info;
}
return $list;
}
//读取名为$filename的js文件内容
function load_js_content( $path, $filename ) {
if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) {
if ( preg_match( FILE_REGEX, $filename ) ) {
$file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.js';
if ( !file_exists( $file ) )
return false;
@@ -89,21 +139,25 @@ function load_js_content($path, $filename) {
if ( $info === false )
$info = "";
return $info;
} else
}
else
return false;
}
//删除名为$filename的js
function delete_js( $path, $filename ) {
if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) {
if ( preg_match( FILE_REGEX, $filename ) ) {
$file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc';
unlink( $file );
$file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.js';
return unlink( $file );
} else
}
else
return false;
}
//清空js
function clear_js( $path ) {
$files = glob( $path . '/*.desc' );
foreach ( $files as $file ) {
@@ -117,19 +171,24 @@ function clear_js($path) {
return true;
}
//保存名为$filename的js文件内容
function save_js_content( $path, $content, $filename ) {
if( preg_match( FILE_REGEX, $filename ) ) {
$file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.js';
!file_exists($file) && @touch($file);
if ( file_put_contents( $file, $content ) === false )
return false;
else
return true;
}
else
return false;
}
//保存名为$filename的js文件描述
function save_js_desc( $path, $desc, $filename ) {
if( preg_match( FILE_REGEX, $filename ) ) {
$file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc';
!file_exists($file) && @touch($file);
$desc = encrypt( $desc );
@@ -138,3 +197,71 @@ function save_js_desc($path, $desc, $filename) {
else
return true;
}
else
return false;
}
//获取js的名字与描述列表
function list_js_name_and_desc( $path ) {
$list = array();
$files = glob( $path . '/*.js' );
arsort( $files );
foreach ( $files as $file ) {
//由于可能有中文名,故使用正则来提取文件名
$item = array();
$item['js_uri'] = $file;
$filename = preg_replace( '/^.+[\\\\\\/]/', '', $file );
$filename = substr( $filename, 0, strlen( $filename ) - 3 );
$item['js_name'] = $filename;
$item['js_name_abbr'] = stripStr( $filename );
$result = @file_get_contents( dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc' );
$result = $result ? $result : "";
$result = decrypt( $result );
if ( json_encode( $result ) === false )
$result = "加密密码不符,无法获得描述";
$item['js_description'] = $result;
$item['js_description_abbr'] = stripStr( $result );
//特别注意只有js_name_abbrjs_description_abbr经过stripStr处理
$list[] = $item;
}
return $list;
}
//载入封禁的ip
function loadForbiddenIPList() {
$forbidden_IP_list_file = DATA_PATH . '/forbiddenIPList.dat';
!file_exists( $forbidden_IP_list_file ) && @touch( $forbidden_IP_list_file );
$str = @file_get_contents( $forbidden_IP_list_file );
if ( $str === false )
return array();
$str = decrypt($str);
if ( $str != '' ) {
$result = json_decode( $str, true );
if ( $result != null )
return $result;
else
return array();
}
else
return array();
}
//保存封禁ip
function saveForbiddenIPList( $forbiddenIPList ) {
$forbidden_IP_list_file = DATA_PATH . '/forbiddenIPList.dat';
$str = json_encode( $forbiddenIPList );
$str = encrypt( $str );
@file_put_contents( $forbidden_IP_list_file, $str );
}

29
login.php
View File

@@ -3,6 +3,7 @@ define("IN_XSS_PLATFORM", true);
require_once("load.php");
require_once("functions.php");
require_once("dio.php");
//CSP开启
header("Content-Security-Policy: default-src 'self'; object-src 'none'; frame-src 'none'");
@@ -48,34 +49,6 @@ if (!isset($forbiddenIPList[$ip]) || $forbiddenIPList[$ip] <= 5) {
} else
$is_pass_wrong = true;
function loadForbiddenIPList() {
$logfile = DATA_PATH . '/forbiddenIPList.dat';
!file_exists($logfile) && @touch($logfile);
$str = @file_get_contents($logfile);
if ($str === false)
return array();
$str = decrypt($str);
if ($str != '') {
$result = json_decode($str, true);
if ($result != null)
return $result;
else
return array();
} else
return array();
}
function saveForbiddenIPList($forbiddenIPList) {
$logfile = DATA_PATH . '/forbiddenIPList.dat';
!file_exists($logfile) && @touch($logfile);
$str = json_encode($forbiddenIPList);
$str = encrypt($str);
@file_put_contents($logfile, $str);
}
/*
生成密码
php -r "$salt='!KTMdg#^^I6Z!deIVR#SgpAI6qTN7oVl';$key='bluelotus';$key=md5($salt.$key.$salt);$key=md5($salt.$key.$salt);$key=md5($salt.$key.$salt);echo $key;"