firesunCN/BlueLotus_XSSReceiver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
da7980897e76019889a96989feaaaadb5e2e3559
BlueLotus_XSSReceiver/dio.php
firesun 833ee3844f Version 3.3.1 
代码格式化
2016-01-28 11:27:27 +08:00

140 lines
4.1 KiB
PHP
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
if (!defined('IN_XSS_PLATFORM')) {
exit('Access Denied');
}
require_once("load.php");
require_once("functions.php");
//对记录的读写操作无数据库采用读写文件的方式文件名即请求时的时间戳同时也是记录的id
function save_xss_record($info, $filename) {
$logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php';
!file_exists($logFile) && @touch($logFile);
$info = encrypt($info);
if (file_put_contents($logFile, '<?php exit();?>' . $info) === false)
return false;
else
return true;
}
function load_xss_record($filename) {
if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) {
$logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php';
if (!file_exists($logFile))
return false;
$info = @file_get_contents($logFile);
if ($info === false)
return false;
if (strncmp($info, '<?php exit();?>', 15) != 0)
return false;
$info = substr($info, 15);
$info = decrypt($info);
//只会出现在加密密码错误的时候
if (!preg_match('/^[A-Za-z0-9\x00-\x80~!@#$%&_+-=:";\'<>,\/"\[\]\\\^\.\|\?\*\+\(\)\{\}\s]+$/', $info))
return false;
$info = json_decode($info, true);
//只会出现在加密密码错误的时候
if ($info === false)
return false;
$isChange = false;
if (!isset($info['location'])) {
$info['location'] = stripStr(convertip($info['user_IP'], IPDATA_PATH));
$isChange = true;
}
//只会出现在加密密码错误的时候
if (!isset($info['request_time'])) {
return false;
}
if ($isChange)
save_xss_record(json_encode($info), $filename);
return $info;
} else
return false;
}
function delete_xss_record($filename) {
if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) {
$logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php';
return unlink($logFile);
} else
return false;
}
function clear_xss_record() {
$files = glob(DATA_PATH . '/*.php');
foreach ($files as $file) {
unlink($file);
}
return true;
}
function load_js_content($path, $filename) {
if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) {
$file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.js';
if (!file_exists($file))
return false;
$info = @file_get_contents($file);
if ($info === false)
$info = "";
return $info;
} else
return false;
}
function delete_js($path, $filename) {
if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) {
$file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc';
unlink($file);
$file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.js';
return unlink($file);
} else
return false;
}
function clear_js($path) {
$files = glob($path . '/*.desc');
foreach ($files as $file) {
unlink($file);
}
$files = glob($path . '/*.js');
foreach ($files as $file) {
unlink($file);
}
return true;
}
function save_js_content($path, $content, $filename) {
$file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.js';
!file_exists($file) && @touch($file);
if (file_put_contents($file, $content) === false)
return false;
else
return true;
}
function save_js_desc($path, $desc, $filename) {
$file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc';
!file_exists($file) && @touch($file);
$desc = encrypt($desc);
if (file_put_contents($file, $desc) === false)
return false;
else
return true;
}
Reference in New Issue View Git Blame Copy Permalink