BlueLotus_XSSReceiver/login.php
firesun 264460650b Version 3.0.0
1. 完成js模板,我的js模块,可以直接添加修改用于xss的js
2. 采用ace编辑器实现js代码高亮与错误检测
3. 使用js_beautify实现js代码格式化,使用jsmin实现js代码压缩
4. 整合xss'or工具部分功能,自由编码,方便生成最终的payload
5. 增加加密方式RC4,更改默认加密方式为RC4
6. 从旧版本升级并想保留记录的请务必查看Readme里的升级步骤
7. 修复一系列bug
2016-01-24 01:07:17 +08:00

154 lines
4.2 KiB
PHP


<?php
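// Marker constant set before the includes below.
// NOTE(review): presumably config.php / functions.php test it to refuse direct access - confirm.
define("IN_XSS_PLATFORM",true);
// Enable CSP. The two X- prefixed headers are the legacy names understood by older browsers.
// NOTE(review): frame-src only limits what this page may embed; it does not stop another
// origin from framing the login form (that needs frame-ancestors or X-Frame-Options).
header("Content-Security-Policy: default-src 'self'; object-src 'none'; frame-src 'none'");
header("X-Content-Security-Policy: default-src 'self'; object-src 'none'; frame-src 'none'");
header("X-WebKit-CSP: default-src 'self'; object-src 'none'; frame-src 'none'");
// Mark the session cookie HttpOnly so page scripts cannot read it.
ini_set("session.cookie_httponly", 1);
// Refuse session IDs the server did not issue (session-fixation hardening, PHP >= 5.5.2;
// on older versions ini_set() just returns false for the unknown directive).
ini_set("session.use_strict_mode", 1);
session_start();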
require_once("config.php");
require_once("functions.php");
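// Already logged in: go straight to the admin panel.
if (isset($_SESSION['isLogin']) && $_SESSION['isLogin'] === true) {
    header("Location: admin.php");
    exit();
}

// Brute-force throttle: failed attempts are counted per client address and the password
// is only evaluated while the counter is at most 5.
// NOTE(review): the counter is cleared only by a successful login and no expiry is visible
// in this file, so a blocked address appears to stay blocked until the data file is edited.
// NOTE(review): REMOTE_ADDR is the direct peer; behind a reverse proxy every visitor would
// share one counter - confirm the deployment.
$forbiddenIPList = loadForbiddenIPList();
$ip = $_SERVER['REMOTE_ADDR'];
$mayAttempt = !isset($forbiddenIPList[$ip]) || $forbiddenIPList[$ip] <= 5;

if ($mayAttempt && isset($_POST['password']) && $_POST['password'] != "") {
    if (checkPassword($_POST['password'])) {
        // New session ID at the privilege change, so an ID known before login
        // (session fixation) is not the one that becomes authenticated.
        session_regenerate_id(true);
        $_SESSION['isLogin'] = true;
        // Client address and user agent are stored in the session at login time.
        $_SESSION['user_IP'] = $ip;
        // The header is optional; storing null when it is absent matches what reading the
        // missing key produced before, without the undefined-index notice.
        $_SESSION['user_agent'] = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;
        // A successful login clears the failure counter for this address.
        if (isset($forbiddenIPList[$ip])) {
            unset($forbiddenIPList[$ip]);
            saveForbiddenIPList($forbiddenIPList);
        }
        header("Location: admin.php");
        exit();
    }

    // Wrong password: record one more failure for this address.
    if (isset($forbiddenIPList[$ip])) {
        $forbiddenIPList[$ip]++;
    } else {
        $forbiddenIPList[$ip] = 1;
    }
    saveForbiddenIPList($forbiddenIPList);
}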
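/**
 * Load the per-address failed-login counters from DATA_PATH/forbiddenIPList.dat.
 *
 * The file content is passed through decrypt() and then parsed as JSON. Anything that
 * is unreadable, empty, or does not decode to an array yields an empty list, so a
 * damaged or tampered file cannot hand the caller a scalar that it then indexes.
 *
 * @return array map of client address => failed attempt count
 */
function loadForbiddenIPList()
{
    $logfile = DATA_PATH . '/forbiddenIPList.dat';
    // Create the file on first use so the read below does not fail on a missing file.
    if (!file_exists($logfile)) {
        @touch($logfile);
    }

    $raw = @file_get_contents($logfile);
    if ($raw === false) {
        return array();
    }

    $plain = decrypt($raw);
    if ($plain == '') {
        return array();
    }

    $decoded = json_decode($plain, true);
    // The login flow indexes the result by address, so only an array is acceptable
    // (json_decode can also return a number, string or boolean).
    return is_array($decoded) ? $decoded : array();
}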
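/**
 * Persist the per-address failed-login counters to DATA_PATH/forbiddenIPList.dat.
 *
 * The list is JSON-encoded, passed through encrypt() and written in one call under an
 * exclusive lock so two concurrent requests cannot interleave their writes.
 * NOTE(review): the load/modify/save sequence in the caller is still not atomic, so a
 * concurrent failure can overwrite another request's increment.
 *
 * @param array $forbiddenIPList map of client address => failed attempt count
 * @return void
 */
function saveForbiddenIPList($forbiddenIPList)
{
    $logfile = DATA_PATH . '/forbiddenIPList.dat';
    if (!file_exists($logfile)) {
        @touch($logfile);
    }

    $payload = encrypt(json_encode($forbiddenIPList));
    // Still best-effort, but a failed write means the login throttle is not recording
    // failures, so leave a trace in the error log instead of failing silently.
    if (@file_put_contents($logfile, $payload, LOCK_EX) === false) {
        error_log('saveForbiddenIPList: could not write the failed-login counter file');
    }
}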
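/*
Generate the password digest (presumably the value configured as PASS; it uses the same salt as checkPassword() below).
'bluelotus' in the command is the key being hashed; substitute your own password rather than keeping this published value.
php -r "$salt='!KTMdg#^^I6Z!deIVR#SgpAI6qTN7oVl';$key='bluelotus';$key=md5($salt.$key.$salt);$key=md5($salt.$key.$salt);$key=md5($salt.$key.$salt);echo $key;"
*/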
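/**
 * Verify a challenge-response login value.
 *
 * The request must echo the nonce stored in $_SESSION['firesunCheck']; the expected
 * response is three rounds of md5(salt . key . nonce . salt), starting from PASS.
 *
 * NOTE(review): the response is derived from PASS itself, so whoever can read the
 * configured PASS value can answer the challenge without knowing the original password;
 * the config file needs the same protection as a plaintext password. MD5 is also a fast
 * hash, which makes offline guessing of a leaked digest cheap.
 *
 * @param mixed $p response submitted by the client (only a string can match)
 * @return bool true when the response matches the expected digest
 */
function checkPassword($p)
{
    $nonceMatches = isset($_POST['firesunCheck'])
        && isset($_SESSION['firesunCheck'])
        && $_SESSION['firesunCheck'] != ""
        && $_POST['firesunCheck'] === $_SESSION['firesunCheck'];
    // Request parameters can arrive as arrays; only a string can equal the digest.
    if (!$nonceMatches || !is_string($p)) {
        return false;
    }

    // If you change this salt, change the two copies in login.js as well so they stay in sync.
    $salt = "!KTMdg#^^I6Z!deIVR#SgpAI6qTN7oVl";
    $nonce = $_SESSION['firesunCheck'];
    $key = PASS;
    for ($round = 0; $round < 3; $round++) {
        $key = md5($salt . $key . $nonce . $salt);
    }

    // Constant-time comparison where available (PHP >= 5.6) so response time does not
    // depend on how many leading characters match; older runtimes keep the strict compare.
    if (function_exists('hash_equals')) {
        return hash_equals($key, $p);
    }
    return $key === $p;
}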
//生成挑战应答的随机值
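/**
 * Generate the random value used as the challenge-response nonce.
 *
 * Draws from the system CSPRNG via random_int() when it exists (PHP >= 7); mt_rand()
 * is predictable and is kept only as a fallback for older runtimes.
 *
 * @param int $length number of characters to produce
 * @return string random string over [a-zA-Z0-9], empty when $length <= 0
 */
function generate_password( $length = 32 ) {
    $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    $lastIndex = strlen($chars) - 1;
    $hasCsprng = function_exists('random_int');
    $password = "";
    for ( $i = 0; $i < $length; $i++ ) {
        $pick = $hasCsprng ? random_int(0, $lastIndex) : mt_rand(0, $lastIndex);
        $password .= $chars[$pick];
    }
    return $password;
}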
?>
<html>
<head>
<meta charset="utf-8" />
<title>登录</title>
<link rel="stylesheet" href='static/css/font-awesome.css' type="text/css" >
<link rel="stylesheet" href="static/css/login.css" type="text/css" />
<script type="text/javascript" src="static/js/jquery.min.js" ></script>
<script type="text/javascript" src="static/js/login.js" ></script>
</head>
<body>
<div id="loginform">
<div id="logo"></div>
<div id="mainlogin">
<h1>
登录控制面板
</h1>
<form action="" method="post">
<input type="password" placeholder="password" id="password" name="password" required="required">
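<?php
// A fresh challenge nonce is issued on every render and remembered in the session;
// checkPassword() requires the request to echo it back.
$firesunCheck = generate_password(32);
$_SESSION['firesunCheck'] = $firesunCheck;
// Quote the attribute explicitly and escape for the HTML attribute context, rather than
// relying on json_encode() to supply the surrounding quotes.
?>
<input id="firesunCheck" type="hidden" name="firesunCheck" value="<?php echo htmlspecialchars($firesunCheck, ENT_QUOTES, 'UTF-8'); ?>" />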
<button type="submit" id="submit" disabled="disabled">
<i class="fa fa-arrow-right">
</i>
</button>
</form>
<div id="note">
<a href="#">
忘记密码?
</a>
</div>
</div>
</div>
</body>
</html>