firesunCN/BlueLotus_XSSReceiver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
264460650b6bdbec5b7b16f290ad3405edec10e0
BlueLotus_XSSReceiver/dio.php
firesun 264460650b Version 3.0.0 
1. 完成js模板,我的js模块,可以直接添加修改用于xss的js
2. 采用ace编辑器实现js代码高亮与错误检测
3. 使用js_beautify实现js代码格式化,使用jsmin实现js代码压缩
4. 整合xss'or工具部分功能,自由编码,方便生成最终的payload
5. 增加加密方式RC4,更改默认加密方式为RC4
6. 从旧版本升级并想保留记录的请务必查看Readme里的升级步骤
7. 修复一系列bug
2016-01-24 01:07:17 +08:00

161 lines
3.4 KiB
PHP
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
if(!defined('IN_XSS_PLATFORM')) {
exit('Access Denied');
}
require_once("config.php");
require_once("functions.php");
//对记录的读写操作无数据库采用读写文件的方式文件名即请求时的时间戳同时也是记录的id
function save_xss_record($info,$filename)
{
$logFile = dirname( __FILE__ ).'/'.DATA_PATH.'/'.$filename.'.php';
!file_exists($logFile) && @touch($logFile);
$info=encrypt($info);
if(file_put_contents($logFile, '<?php exit();?>'.$info)===false)
return false;
else
return true;
}
function load_xss_record($filename)
{
if(strpos($filename, "..")===false && strpos($filename, "/")===false && strpos($filename, "\\")===false)
{
$logFile = dirname( __FILE__ ).'/'.DATA_PATH.'/'.$filename.'.php';
if(!file_exists($logFile))
return false;
$info=@file_get_contents($logFile);
if($info===false)
return false;
if(strncmp($info,'<?php exit();?>',15)!=0)
return false;
$info=substr($info,15);
$info=decrypt($info);
//只会出现在加密密码错误的时候
if(!preg_match('/^[A-Za-z0-9\x00-\x80~!@#$%&_+-=:";\'<>,\/"\[\]\\\^\.\|\?\*\+\(\)\{\}\s]+$/',$info))
return false;
$info=json_decode($info, true);
//只会出现在加密密码错误的时候
if($info===false)
return false;
$isChange=false;
if(!isset($info['location']))
{
$info['location']=stripStr(convertip($info['user_IP'],IPDATA_PATH));
$isChange=true;
}
//只会出现在加密密码错误的时候
if(!isset($info['request_time']))
{
return false;
}
if($isChange)
save_xss_record(json_encode($info),$filename);
return $info;
}
else
return false;
}
function delete_xss_record($filename)
{
if(strpos($filename, "..")===false && strpos($filename, "/")===false && strpos($filename, "\\")===false)
{
$logFile = dirname( __FILE__ ).'/'.DATA_PATH.'/'.$filename.'.php';
return unlink($logFile);
}
else
return false;
}
function clear_xss_record()
{
$files = glob(DATA_PATH . '/*.php');
foreach ($files as $file) {
unlink($file);
}
return true;
}
function load_js_content($path,$filename)
{
if(strpos($filename, "..")===false && strpos($filename, "/")===false && strpos($filename, "\\")===false)
{
$file = dirname( __FILE__ ).'/'.$path.'/'.$filename.'.js';
if(!file_exists($file))
return false;
$info=@file_get_contents($file);
if($info===false)
$info="";
return $info;
}
else
return false;
}
function delete_js($path,$filename)
{
if(strpos($filename, "..")===false && strpos($filename, "/")===false && strpos($filename, "\\")===false)
{
$file = dirname( __FILE__ ).'/'.$path.'/'.$filename.'.desc';
unlink($file);
$file = dirname( __FILE__ ).'/'.$path.'/'.$filename.'.js';
return unlink($file);
}
else
return false;
}
function clear_js($path)
{
$files = glob($path . '/*.desc');
foreach ($files as $file) {
unlink($file);
}
$files = glob($path . '/*.js');
foreach ($files as $file) {
unlink($file);
}
return true;
}
function save_js_content($path,$content,$filename)
{
$file = dirname( __FILE__ ).'/'.$path.'/'.$filename.'.js';
!file_exists($file) && @touch($file);
if(file_put_contents($file, $content)===false)
return false;
else
return true;
}
function save_js_desc($path,$desc,$filename)
{
$file = dirname( __FILE__ ).'/'.$path.'/'.$filename.'.desc';
!file_exists($file) && @touch($file);
$desc=encrypt($desc);
if(file_put_contents($file, $desc)===false)
return false;
else
return true;
}
?>
Reference in New Issue View Git Blame Copy Permalink