firesunCN/BlueLotus_XSSReceiver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
BlueLotus_XSSReceiver/dio.php
firesun 82227be6bd Version 3.5.3 
1. 增加referer校验防御CSRF
2. 修复若干小bug
3. 更新IP库
2022-05-24 00:13:20 +08:00

266 lines
7.7 KiB
PHP
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
if ( !defined('IN_XSS_PLATFORM') ) {
exit('Access Denied');
}
require_once('functions.php');
//时间戳的正则表达式
define('ID_REGEX', '/^[0-9]{10}$/');
//合法文件名的正则表达式
define('FILE_REGEX', '/(?!((^(con)$)|^(con)\..*|(^(prn)$)|^(prn)\..*|(^(aux)$)|^(aux)\..*|(^(nul)$)|^(nul)\..*|(^(com)[1-9]$)|^(com)[1-9]\..*|(^(lpt)[1-9]$)|^(lpt)[1-9]\..*)|^\s+|.*\s$)(^[^\/\\\:\*\?\"\<\>\|]{1,255}$)/');
//对记录的读写操作无数据库采用读写文件的方式文件名即请求时的时间戳同时也是记录的id
function save_xss_record( $info, $id ) {
$xss_record_file = dirname(__FILE__) . '/' . DATA_PATH . '/' . $id . '.php';
$info = encrypt( $info );
if ( file_put_contents( $xss_record_file, '<?php exit();?>' . $info ) === false )
return false;
else
return true;
}
//读取某一时间戳的xss记录
function load_xss_record( $id ) {
if ( preg_match( ID_REGEX, $id ) ) {
$xss_record_file = dirname(__FILE__) . '/' . DATA_PATH . '/' . $id . '.php';
if ( !file_exists( $xss_record_file ) )
return false;
$info = @file_get_contents( $xss_record_file );
if ( $info === false )
return false;
if ( strncmp( $info, '<?php exit();?>', 15 ) != 0 )
return false;
$info = substr( $info, 15 );
$info = decrypt( $info );
//只会出现在加密密码错误的时候
if ( !preg_match( '/^[A-Za-z0-9\x00-\x80~!@#$%&_+-=:";\'<>,\/"\[\]\\\^\.\|\?\*\+\(\)\{\}\s]+$/', $info ) )
return false;
$info = json_decode( $info, true );
//只会出现在加密密码错误的时候
if ( $info === false )
return false;
$isChange = false;
if ( !isset( $info['location'] ) ) {
$info['location'] = convertIP( $info['user_IP'], IPDATA_PATH );
$isChange = true;
}
//只会出现在加密密码错误的时候
if ( !isset( $info['request_time'] ) ) {
return false;
}
if ( $isChange )
save_xss_record( json_encode( $info ), $id );
return $info;
}
else
return false;
}
//删除某一时间戳的xss记录
function delete_xss_record( $id ) {
if ( preg_match( ID_REGEX, $_GET['id'] ) ) {
$xss_record_file = dirname(__FILE__) . '/' . DATA_PATH . '/' . $id . '.php';
return unlink( $xss_record_file );
}
else
return false;
}
//清空xss记录
function clear_xss_record() {
$files = glob( DATA_PATH . '/*.php' );
foreach ( $files as $file ) {
unlink( $file );
}
return true;
}
//获取xss记录时间戳列表
function list_xss_record_id() {
$files = glob( DATA_PATH . '/*.php' );
$list = array();
foreach ( $files as $file ) {
$filename = basename( $file, ".php" );
if ( preg_match( ID_REGEX, $filename ) )
$list[] = $filename;
}
return $list;
}
//获取所有xss记录
function list_xss_record_detail() {
$list = array();
$files = glob( DATA_PATH . '/*.php' );
arsort( $files );
foreach ( $files as $file ) {
$filename = basename( $file, ".php" );
$info = load_xss_record( $filename );
if ( $info === false )
continue;
$isChange = false;
//如果没有设置location就查询qqwry.dat判断location
if ( !isset( $info['location'] ) ) {
$info['location'] = convertIP( $info['user_IP'], IPDATA_PATH );
$isChange = true;
}
if ( $isChange )
save_xss_record( json_encode( $info ), $filename );
$list[] = $info;
}
return $list;
}
//读取名为$filename的js文件内容
function load_js_content( $path, $filename ) {
if ( preg_match( FILE_REGEX, $filename ) ) {
$file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.js';
if ( !file_exists( $file ) )
return false;
$info = @file_get_contents( $file );
if ( $info === false )
$info = "";
return $info;
}
else
return false;
}
//删除名为$filename的js
function delete_js( $path, $filename ) {
if ( preg_match( FILE_REGEX, $filename ) ) {
$file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc';
unlink( $file );
$file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.js';
return unlink( $file );
}
else
return false;
}
//清空js
function clear_js( $path ) {
$files = glob( $path . '/*.desc' );
foreach ( $files as $file ) {
unlink( $file );
}
$files = glob( $path . '/*.js' );
foreach ( $files as $file ) {
unlink( $file );
}
return true;
}
//保存名为$filename的js文件内容
function save_js_content( $path, $content, $filename ) {
if( preg_match( FILE_REGEX, $filename ) ) {
$file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.js';
if ( file_put_contents( $file, $content ) === false )
return false;
else
return true;
}
else
return false;
}
//保存名为$filename的js文件描述
function save_js_desc( $path, $desc, $filename ) {
if( preg_match( FILE_REGEX, $filename ) ) {
$file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc';
$desc = encrypt( $desc );
if ( file_put_contents($file, $desc) === false )
return false;
else
return true;
}
else
return false;
}
//获取js的名字与描述列表
function list_js_name_and_desc( $path ) {
$list = array();
$files = glob( $path . '/*.js' );
arsort( $files );
foreach ( $files as $file ) {
//由于可能有中文名,故使用正则来提取文件名
$item = array();
$item['js_uri'] = $file;
$filename = preg_replace( '/^.+[\\\\\\/]/', '', $file );
$filename = substr( $filename, 0, strlen( $filename ) - 3 );
$item['js_name'] = $filename;
$item['js_name_abbr'] = htmlspecialchars($filename, ENT_QUOTES, 'UTF-8');
$result = @file_get_contents( dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc' );
$result = $result ? $result : "";
$result = decrypt( $result );
if ( json_encode( $result ) === false )
$result = "加密密码不符,无法获得描述";
$item['js_description'] = $result;
$item['js_description_abbr'] = htmlspecialchars($result, ENT_QUOTES, 'UTF-8');
//特别注意只有js_name_abbrjs_description_abbr经过htmlspecialchars处理
$list[] = $item;
}
return $list;
}
//载入封禁的ip
function loadForbiddenIPList() {
$forbidden_IP_list_file = DATA_PATH . '/forbiddenIPList.dat';
!file_exists( $forbidden_IP_list_file ) && @touch( $forbidden_IP_list_file );
$str = @file_get_contents( $forbidden_IP_list_file );
if ( $str === false )
return array();
$str = decrypt($str);
if ( $str != '' ) {
$result = json_decode( $str, true );
if ( $result != null )
return $result;
else
return array();
}
else
return array();
}
//保存封禁ip
function saveForbiddenIPList( $forbiddenIPList ) {
$forbidden_IP_list_file = DATA_PATH . '/forbiddenIPList.dat';
$str = json_encode( $forbiddenIPList );
$str = encrypt( $str );
@file_put_contents( $forbidden_IP_list_file, $str );
}
Reference in New Issue View Git Blame Copy Permalink