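/**
 * Recursively HTML-escape a value for output in HTML text or attribute context.
 *
 * Arrays are walked key by key (keys preserved, values escaped recursively);
 * anything else is cast to string and passed through htmlspecialchars().
 *
 * @param mixed $data string, scalar, or a (nested) array of such values
 * @return string|array escaped string, or an array with the same keys
 */
function xss($data)
{
    if (is_array($data)) {
        $escaped = array();
        foreach ($data as $key => $value) {
            $escaped[$key] = xss($value);
        }
        return $escaped;
    }
    // ENT_QUOTES is spelled out so single quotes are escaped on every PHP version
    // (the pre-8.1 default leaves them alone, which breaks single-quoted attributes);
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars((string) $data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}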
/**
 * Run every scan stage against $site in a fixed order, printing a banner first.
 *
 * Delegates to pmapwn(), sql(), xss(), rfi() and lfi(), which are defined
 * elsewhere; each is invoked with the site and the flag 1.
 */
function full($site)
{
    $stages = array(
        "[-] Start full scanning mode.\n" => 'pmapwn',
        "[-] Start SQL Injection Scan\n"  => 'sql',
        "[-] Start XSS Scan\n"            => 'xss',
        "[-] Start RFI Scan\n"            => 'rfi',
        "[-] Start LFI Scan\n"            => 'lfi',
    );
    foreach ($stages as $banner => $stage) {
        print $banner;
        $stage($site, 1);
    }
}
/*** Storage path for creds and payloads in file-storage mode; a hard-to-guess (e.g. md5-hashed) directory name is recommended ***/
$store_path = "./e160e60f7414a7bba0b46565c1ce0646/";
/*** Cookie/token derivation rule ***/
# Alternative formula kept from the original (commented out): also mixes in the date and client address.
#$token = md5(md5(md5(base64_encode(date("Y-m-d").$_SERVER['REMOTE_ADDR'].$username.$password))));
// NOTE(review): nested md5 of base64(username . password) is deterministic and unsalted, so the
// token is constant for a given credential pair. $username/$password must be set before this point.
$token = md5(md5(md5(base64_encode($username . $password))));
/*** Global request parameters, base64-encoded for storage ***/
$ip = base64_encode($_SERVER['REMOTE_ADDR']);
$area = base64_encode(ip_lookup()); // ip_lookup() is defined elsewhere
$time = date('Y-m-d H:i:s');
// Both headers are client-controlled and may be absent (undefined-index notice when missing).
$user_lang = base64_encode($_SERVER['HTTP_ACCEPT_LANGUAGE']);
$user_agent = base64_encode($_SERVER['HTTP_USER_AGENT']);
/*** Invoke the xss() handler when data is received ***/
// `or` tests truthiness (a value of "0" is ignored); missing keys raise undefined-index notices.
if ($_REQUEST["cookie"] or $_REQUEST["location"]) {
    $cookie = base64_encode($_REQUEST['cookie']);
    $referer = base64_encode($_REQUEST['location']);
    xss(); // presumably reads the globals assigned above — confirm against its definition
}
$common_head = <<<EOF
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/>
<meta http-equiv="Cache-Control" content="max-age=0" forua="true"/>
<meta http-equiv="Cache-Control" content="no-cache"/>
<meta http-equiv="Expires" content="0"/>
<title>#XSS</title>

<style>
body,ul,li{
\tmargin:0; padding:0;
\tfont-family: "Microsoft YaHei" ! important;
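<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
<?php 
// Login handler: looks the submitted credentials up in `users`, starts a session
// and redirects on success, otherwise sends the visitor back.
// Helpers (xss, encrypt, conn_db, getaline, closedb, goback, session_begin,
// create_session, jump) come from func.php / config.php.
require_once 'func.php';
$name = xss($_POST['name']);
$pass = encrypt(xss($_POST['pswd']));
require_once 'config.php';
$link = conn_db($hostname, $username, $password, $database);
if (!$link) {
    echo "Mysql conncet ERROR";
    // Nothing below can succeed without a connection.
    die;
}
// xss() is HTML escaping, not SQL escaping: on PHP < 8.1 htmlspecialchars() leaves a
// single quote untouched, so $name could close the string literal. Escape for the
// mysql link this project uses before interpolating.
$safe_name = mysql_real_escape_string($name, $link);
$safe_pass = mysql_real_escape_string($pass, $link);
$query = "SELECT * FROM users WHERE usr_name='" . $safe_name . "' AND usr_passwd = '" . $safe_pass . "'";
if (!getaline($query, $link)) {
    echo "登陆失败";
    closedb($link);
    goback();
} else {
    closedb($link);
    session_begin();
    $ses = array('user' => $name, 'pass' => $pass);
    create_session($ses);
    // Exactly one redirect target. The original fell through to jump('unit.php') after
    // the admin redirect and then closed the already-closed link a second time.
    if ($name === "admin") {
        jump('/admin/admin.php');
    } else {
        jump('unit.php');
    }
}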
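<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
<?php 
// Chapter page: requires a logged-in session, then loads the current user's row.
// Helpers (xss, session_begin, jump, conn_db, runquery, getresult) come from func.php / config.php.
require_once 'func.php';
$chapter = xss($_POST['c']);
// NOTE(review): $chapter is only HTML-escaped; if $destination is later used as a
// filesystem path, "../" sequences survive — restrict it to the expected format first.
$destination = "uploadimg/" . $chapter;
session_begin();
if (!isset($_SESSION['user']) || !isset($_SESSION['pass'])) {
    jump('unit.php');
    // jump() appears to only emit the redirect (callers elsewhere follow it with die);
    // stop here explicitly so the query and page below are not served to an
    // unauthenticated visitor.
    die;
}
require_once 'config.php';
$link = conn_db($hostname, $username, $password, $database);
if (!$link) {
    echo "Mysql conncet ERROR";
    die;
}
// The session value is the HTML-escaped login name; escape it for SQL as well so a
// quote in a user name cannot alter the statement.
$sql = "SELECT * FROM users WHERE usr_name='" . mysql_real_escape_string($_SESSION['user'], $link) . "'";
$ret = runquery($sql, $link);
$row = getresult($ret);
$uid = $row['usr_stuno'];
?>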
<html>
<head>
<title>第<?php 
echo $chapter;
?>
章</title>
<link href="http://libs.baidu.com/bootstrap/3.0.3/css/bootstrap.min.css" rel="stylesheet">
<script src="http://libs.baidu.com/jquery/2.0.0/jquery.min.js"></script>
<script src="http://libs.baidu.com/bootstrap/3.0.3/js/bootstrap.min.js"></script>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
</head>
<body>
/**
 * Normalise a scalar for HTML output: trim surrounding whitespace, drop
 * backslash escapes, then HTML-encode the special characters.
 *
 * @param string $data raw input (typically a request parameter)
 * @return string escaped string safe for an HTML text node
 */
function xss($data)
{
    $pipeline = array('trim', 'stripslashes', 'htmlspecialchars');
    foreach ($pipeline as $step) {
        $data = $step($data);
    }
    return $data;
}
// Post handler: only for signed-in sessions; stores the submitted content as a new post.
// Assumes the session is already started and a mysql link is open (mysql_query() is called
// without an explicit link). $_SESSION['signed_in'] raises an undefined-index notice when absent.
if ($_SESSION['signed_in']) {
    // NOTE(review): user_id is interpolated raw; it comes from the session, but any value
    // that reaches the session unescaped would alter this statement.
    $sql = "SELECT * FROM users where userID='" . $_SESSION['user_id'] . "'";
    $result = mysql_query($sql);
    if (!$result) {
        echo 'sorry error occured try sometime later';
    } else {
        if (isset($_POST['submit'])) {
            // empty() also rejects the string "0", so a post consisting of "0" counts as missing.
            if (!empty($_POST['content'])) {
                $content = xss($_POST['content']);
            } else {
                $error1 = "please fill all the fields";
            }
            if (empty($error1)) {
                // xss() HTML-escapes, it does not SQL-escape: on PHP < 8.1 a single quote survives
                // and can close the literal, and a doubled backslash survives stripslashes(). A
                // prepared statement is the fix. `or die(mysql_error())` also leaks the driver
                // error text to the client.
                $query = mysql_query("INSERT INTO `hackathon`.`pop_posts` (`id`, `p_content`, `p_img`, `p_url`, `p_by`, `p_date`) VALUES('','" . $content . "','','','" . $_SESSION['user_id'] . "',NOW())") or die(mysql_error());
                // $query holds the boolean result of mysql_query(); a failure already ended
                // the script via die(), so the else branch below is unreachable.
                if ($query) {
                    $con = "Successfully posted";
                } else {
                    $error = "error occurred try afterwards";
                }
            }
        }
    }
}
?>
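// Insertion sort: order $rtimes[0..$n-1] ascending by integer value, moving the
// matching entries of $rnames alongside so both arrays stay aligned.
// Expects $n, $rtimes and $rnames to be defined by the surrounding script.
for ($a = 0; $a < $n; $a++) {
    $b = $a;
    // Shift the new element left while its left neighbour is larger. The bound is
    // $b > 0: the original tested $b < 0, which read $rtimes[-1] when $b == 0 and,
    // for a negative first value, kept swapping into negative indices.
    while ($b > 0 && intval($rtimes[$b - 1]) > intval($rtimes[$b])) {
        $mid = $rtimes[$b - 1];
        $rtimes[$b - 1] = $rtimes[$b];
        $rtimes[$b] = $mid;
        $mid = $rnames[$b - 1];
        $rnames[$b - 1] = $rnames[$b];
        $rnames[$b] = $mid;
        $b--;
    }
}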
/**
 * Encode the six characters significant in HTML text and attribute context
 * (&, <, >, ", ', /), matching the common output-encoding set.
 *
 * Replacements are applied in the listed order, so the leading '&' rule never
 * re-encodes an entity produced by a later rule.
 *
 * @param string|array $val value (or array of values) to encode
 * @return string|array encoded value, same shape as the input
 */
function xss($val)
{
    $search  = array('&',     '<',    '>',    '"',      "'",      '/');
    $replace = array('&amp;', '&lt;', '&gt;', '&quot;', '&#x27;', '&#x2F;');
    return str_replace($search, $replace, $val);
}
// Render one table row per competition, highest index first. $n and $rnames (JSON file
// names under ./data/comps/) come from the surrounding script; xss() is the escaper above.
for ($j = $n - 1; $j >= 0; $j--) {
    // file_get_contents() returns false for a missing file, json_decode(false) is null,
    // and the property reads below then fail — there is no guard here.
    $cmp = json_decode(file_get_contents("./data/comps/" . $rnames[$j]));
    echo "<tr>";
    // substr(..., 0, -5) strips the ".json" suffix; the href value is emitted without xss().
    echo "<td><a href='./comp/?" . substr($rnames[$j], 0, -5) . "'>" . xss($cmp->name) . "</a></td>";
    echo "<td>" . count($cmp->rows) . "</td>";
    echo "<td>" . xss($cmp->date) . "</td>";
    // The region slug in the href is lower-cased and de-spaced but not escaped, unlike the
    // link text; a region value containing a quote would break out of the attribute.
    echo "<td><a href='./region/?" . str_replace(" ", "", strtolower($cmp->region)) . "'>" . xss($cmp->region) . "</a></td>";
    echo "</tr>";
}
                                <td><strong id="js-profile-email"><?php 
echo xss($this->userinfo->email);
?>
</strong></td>
                            <tr>
                            </tr>
                                <td>Имя:</td>
                                <td><strong><?php 
echo xss($this->userinfo->name);
?>
</strong></td>
                            <tr>
                            </tr>
                                <td>Доступ:</td>
                                <td><strong><?php 
echo xss($this->userinfo->access);
?>
</strong></td>
                            </tr>
                        </tbody>
                    </table>
                </div>
            </div>
        </div>
    </div>

    <div class="row">
        <div class="col-xs-4 col-md-6">
            <form id="js-profile-form-change-password">
                <div class="card card-default">
                    <div class="card-header">
// Registration handler (fragment: $name is assigned above this point). Request values pass
// through xss() (HTML escaping) before validation; helpers come from func.php / config.php.
$pass = encrypt(xss($_POST['pswd']));
$email = xss($_POST['mail']);
$no = xss($_POST['stuno']);
$major = xss($_POST['major']);
// "h" is the 12-hour hour field; "H" (24-hour) is more likely intended — confirm.
$time = date("Y-m-d h:i:s", time());
if (!isNumber($no)) {
    echo '<script>alert(\'学号必须为纯数字\');</script>'; // "Student number must be digits only"
    jump("reg.html");
    die; // jump() only emits the redirect; execution is stopped explicitly
}
if (!isEmail($email)) {
    echo '<script>alert(\'错误的E-mail地址\');</script>'; // "Invalid e-mail address"
    jump("reg.html");
    die;
}
// Length is checked on the escaped password, so an entity such as &amp; counts as 5 characters.
if (!isEngLength(xss($_POST['pswd']), 6, 15)) {
    echo '<script>alert(\'密码长度必须在6-15位之间!\');</script>'; // "Password must be 6-15 characters"
    jump("reg.html");
    die;
}
require_once 'config.php';
$link = conn_db($hostname, $username, $password, $database);
if (!$link) {
    echo "Mysql Connect ERROR";
}
// NOTE(review): $name is interpolated with only HTML escaping applied. A double quote is
// encoded by htmlspecialchars(), but that relies on the escaper rather than on SQL quoting;
// use mysql_real_escape_string() or a prepared statement.
$query = "SELECT * FROM users WHERE usr_name=" . '"' . $name . '"';
$res = mysql_query($query, $link);
if (mysql_num_rows($res)) {
    echo '<script type="text/javascript">alert("这个用户名已经存在!")</script>';
    jump("reg.html");
    die;
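<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />

<?php 
// Delete one question of the given type from the per-chapter table, then return to delete.php.
// Helpers (xss, conn_db, jump) come from ../func.php / ../config.php.
require_once '../func.php';
// chapter and no are numeric identifiers (table suffix and row number), so cast them to int:
// xss() only HTML-escapes and would let other characters into the SQL.
$chapter = (int) xss($_POST['chapter']);
$ty = xss($_POST['ty']);
$no = (int) xss($_POST['no']);
require_once '../config.php';
$link = conn_db($hostname, $username, $password, $database);
if (!$link) {
    echo "Mysql Connect ERROR";
    die;
}
// Strict comparisons: the original third branch was `$ty = "choice"`, an assignment that
// always matched, so any unknown type deleted from the choice table.
$query = null;
if ($ty === "judgement") {
    $query = "DELETE FROM judgement_" . $chapter . " WHERE judgement_no=" . $no;
} elseif ($ty === "blank") {
    $query = "DELETE FROM fill_" . $chapter . " WHERE fill_no=" . $no;
} elseif ($ty === "choice") {
    $query = "DELETE FROM choice_" . $chapter . " WHERE choice_no=" . $no;
}
// An unrecognised type is reported as a failed deletion instead of running a query.
if ($query !== null && mysql_query($query, $link)) {
    echo "题目删除成功";
} else {
    echo "题目删除失败";
}
jump('delete.php');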
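<?php

// Folder id for the breadcrumb below, HTML-escaped via xss() (defined elsewhere).
// A missing ?id= yields '' instead of an undefined-index notice.
$folder = xss(isset($_GET['id']) ? $_GET['id'] : '');
?>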

<div class="row">
	<div class="col-lg-12">
		<ul class="breadcrumb" style="font-size:25px"> 
			<li><a href="admin.php"><i class="fa fa-home"></i> Inicio</a></li> 
			<li><a href="#"><i class="fa fa-folder"></i> <?php 
echo $folder;
?>
</a></li> 
		</ul>
	</div>
</div>
<div class="row">
	<div class="col-xs-6 col-sm-4 col-md-2 col-lg-2">
		<a href="admin.php?m=file&id=1001">
			<div class="panel bg-f403 panel-colorful text-center">
				<div class="panel-body">
					<i class="fa fa-file-o" style="font-size:90px;"></i>
				</div>
				<div class="bg-white" style="padding:5px;">
					<h4 class="mar-no text-thin">1001</h4>
				</div>
			</div>
		</a>
	</div>
	<div class="col-xs-6 col-sm-4 col-md-2 col-lg-2">
		<a href="admin.php?m=file">
// Grading handler for fill-in answers (fragment: $one, the number of submitted answers, is set
// above this point). Helpers (conn_db, xss, runquery, jump) come from ../func.php / ../config.php.
require_once '../config.php';
$link = conn_db($hostname, $username, $password, $database);
$score = 0;
for ($i = 1; $i <= $one; $i++) {
    // Numeric ids are cast to int after xss(); $key[$i] (the marker's verdict) stays a string.
    $aid[$i] = (int) xss($_POST['aid'][$i]);
    $qid[$i] = (int) xss($_POST['qid'][$i]);
    $uid[$i] = (int) xss($_POST['uid'][$i]);
    $key[$i] = xss($_POST['key'][$i]);
    // Loop-invariant: $type and $time are recomputed on every iteration.
    $type = (int) xss($_POST['ty']);
    $time = date("Y-m-d h:i:s", time());
    $chapter = (int) xss($_POST['chapter'][$i]);
    $query = "SELECT usr_name FROM users WHERE usr_stuno='" . $uid[$i] . "'";
    $ret = runquery($query, $link);
    $row = mysql_fetch_row($ret);
    $name = $row[0];
    $key[$i] = xss($_POST['key'][$i]); // duplicate of the assignment above
    if ($key[$i] == '1') {
        $score = $score + 5;
        $query = "UPDATE fill_answer_" . $chapter . " SET correct='" . $key[$i] . "' WHERE fill_answer_no='" . $aid[$i] . "'";
        $ret = runquery($query, $link);
    } else {
        // NOTE(review): $key[$i] is only HTML-escaped and $name comes back from the database;
        // both are interpolated into SQL without SQL escaping.
        $query1 = "UPDATE fill_answer_" . $chapter . " SET correct='" . $key[$i] . "' WHERE fill_answer_no='" . $aid[$i] . "'";
        $query2 = "INSERT INTO wrong_answer (chapter,type,stuno,no,fin_time,usr_name) VALUES ('" . $chapter . "','2','" . $uid[$i] . "','" . $qid[$i] . "','" . $time . "','" . $name . "')";
        echo $query2; // debug output: sends the raw INSERT statement to the client
        $ret1 = runquery($query1, $link);
        $ret2 = runquery($query2, $link);
    }
}
// Writes the total against the first student id only; $chapter is whatever the last iteration set.
$query = "UPDATE score SET score_" . $chapter . "_2='" . $score . "' WHERE usr_stuno='" . $uid[1] . "'";
runquery($query, $link);
jump("reply.php");
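<?php

// Document id from the query string, HTML-escaped via xss() (defined elsewhere).
// A missing ?id= yields '' instead of an undefined-index notice.
$id = xss(isset($_GET['id']) ? $_GET['id'] : '');
?>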

<div class="row">
	<div class="col-lg-12">
		<ul class="breadcrumb" style="font-size:25px"> 
			<li><a href="admin.php"><i class="fa fa-home"></i> Inicio</a></li> 
			<li><a href="admin.php?m=folder&id=1000-1050"><i class="fa fa-folder"></i> 1000 - 1050 </a></li> 
			<li><a href="#"><i class="fa fa-file"></i> 1000</a></li> 
		</ul>
	</div>
</div>
<div class="row">
	<div class="col-md-12">
		<embed src="pdf/pantallas seguros.pdf" width="100%" height="1000px">
	</div>
</div>
/**
 * Interactive menu: read a scan type and a file name (relative to out/) from stdin,
 * then run the chosen check (sqli/xss/lfi/rfi, defined elsewhere) on each URL in the file.
 */
function scan()
{
    print "\n  Options:\n";
    print "    sqli - SQL Injection\n";
    print "    xss - Cross Site Scripting\n";
    print "    lfi - Local File Inclusion\n";
    print "    rfi - Remote File Inclusion\n";
    print "    all - F**k shit up\n";
    print "     What: ";
    // stdin is opened twice and neither handle is closed; one handle would do.
    $choice = fopen("php://stdin", "r");
    $what = fgets($choice);
    print "\n File: ";
    $choicef = fopen("php://stdin", "r");
    $whatf = fgets($choicef);
    $whatf = trim($whatf);
    if (file_exists('out/' . $whatf)) {
        if (trim($what) == 'sqli' || trim($what) == 'all' || trim($what) == 'sqli&xss') {
            // file() is read twice per branch: once for the count, once for the loop.
            print "\n\n - Testing SQL Injection for " . count(file('out/' . $whatf)) . " parameters ({$whatf})\n";
            $urls = file('out/' . $whatf);
            foreach ($urls as $link) {
                sqli(urldecode($link));
            }
        }
        if (trim($what) == 'xss' || trim($what) == 'all' || trim($what) == 'sqli&xss') {
            print "\n\n - Testing Cross Site Scripting for " . count(file('out/' . $whatf)) . " parameters ({$whatf})\n";
            $urls = file('out/' . $whatf);
            foreach ($urls as $link) {
                xss(urldecode($link));
            }
        }
        // BUG: `trim($what == 'lfi&rfi')` compares the untrimmed input (still carrying the
        // newline from fgets) and trims the boolean, so the combined option never matches.
        if (trim($what) == 'lfi' || trim($what) == 'all' || trim($what == 'lfi&rfi')) {
            print "\n\n - Testing Local File Inclusion for " . count(file('out/' . $whatf)) . " parameters ({$whatf})\n";
            $urls = file('out/' . $whatf);
            foreach ($urls as $link) {
                lfi(urldecode($link));
            }
        }
        // Same misplaced parenthesis as in the lfi branch above.
        if (trim($what) == 'rfi' || trim($what) == 'all' || trim($what == 'lfi&rfi')) {
            print "\n\n - Testing Remote File Inclusion for " . count(file('out/' . $whatf)) . " parameters ({$whatf})\n";
            $urls = file('out/' . $whatf);
            foreach ($urls as $link) {
                rfi(urldecode($link));
            }
        }
    } else {
        print "\nFile doesnt exist!\n";
    }
}
</p>
                <form id="reset-form" action="<?php 
echo $this->path;
?>
user/reset" method="post">
                    <div class="form-group">
                        <label>Укажите новый пароль</label>
                        <input type="password" class="form-control underlined" name="password" placeholder="Пароль" data-msg-required="Введите новый пароль" required>
                    </div>
                    <div class="form-group">
                        <input type="hidden" name="_token" value="<?php 
echo $this->csrf_token;
?>
">
                        <input type="hidden" name="key" value="<?php 
echo xss($this->key);
?>
">
                        <button type="submit" class="btn btn-block btn-primary">Сохранить новый пароль</button>
                    </div>
                    <div class="form-group clearfix">
                        <a class="pull-left" href="<?php 
echo $this->path;
?>
">Войти</a>
                        <a class="pull-right" href="<?php 
echo $this->path;
?>
user/register">Зарегистрироваться</a>
                    </div>
                </form>
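<?php 
// Answer-checking handler: requires a logged-in session before reading the submitted answers.
// Helpers (session_begin, jump, xss, conn_db, runquery) come from func.php / config.php.
require_once 'func.php';
session_begin();
if (!isset($_SESSION['user']) || !isset($_SESSION['pass'])) {
    jump('unit.php');
    // jump() appears to only emit the redirect (callers elsewhere follow it with die);
    // stop here explicitly so the grading below does not run for an anonymous request.
    die;
}
// Number of submitted question ids; a missing or non-array value counts as zero instead
// of tripping count() (a warning on PHP 7.2+, a TypeError on PHP 8).
$one = (isset($_POST['qid']) && is_array($_POST['qid'])) ? count($_POST['qid']) : 0;
$score = 75;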
for ($i = 0; $i < $one; $i++) {
    $uid[$i] = (int) xss($_POST['uid'][$i]);
    $qid[$i] = (int) xss($_POST['qid'][$i]);
    $key[$i] = xss($_POST['key'][$i]);
    $type = (int) xss($_POST['type'][$i]);
    $time = date("Y-m-d h:i:s", time());
    $chapter = $_POST['ty'];
    $name = xss($_POST['uname']);
    require_once 'config.php';
    $link = conn_db($hostname, $username, $password, $database);
    if (!$link) {
        echo "Mysql conncet ERROR";
    }
    if ($type == 1) {
        $query = "SELECT answer FROM judgement_" . $chapter . " WHERE judgement_no='" . $qid[$i] . "'";
        $ret = runquery($query, $link);
        $row = mysql_fetch_row($ret);
        if ($key[$i] == $row[0]) {
            $correct = 1;
        } else {
            $correct = 0;
            $query = "INSERT INTO wrong_answer (chapter,type,stuno,no,fin_time,usr_name) values ('" . $chapter . "','" . $type . "','" . $uid[$i] . "','" . $qid[$i] . "','" . $time . "','" . $name . "')";
            //echo $query;
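<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />

<?php 
// Insert a new question of the given type into the per-chapter table, then return to subject.php.
// Helpers (xss, conn_db, jump) come from ../func.php / ../config.php.
require_once '../func.php';
// chapter selects the table suffix and must be numeric; cast after xss() (HTML escaping only).
$chapter = (int) xss($_POST['chapter']);
$stem = xss($_POST['stem']);
$ty = xss($_POST['ty']);
$answer = xss($_POST['answer']);
require_once '../config.php';
$link = conn_db($hostname, $username, $password, $database);
if (!$link) {
    echo "Mysql Connect ERROR";
    die;
}
// Free-text fields are SQL-escaped for the mysql link; xss() does not protect the statement.
$stem_sql = mysql_real_escape_string($stem, $link);
$answer_sql = mysql_real_escape_string($answer, $link);
// Strict comparisons: the original third branch was `$ty = "choice"`, an assignment that
// always matched, so any unknown type was inserted into the choice table.
$query = null;
if ($ty === "judgement") {
    $query = "INSERT INTO judgement_" . $chapter . " (chapter,stem,answer,type) values ('" . $chapter . "','" . $stem_sql . "','" . $answer_sql . "','1')";
} elseif ($ty === "blank") {
    $query = "INSERT INTO fill_" . $chapter . " (chapter,stem,answer,type) values ('" . $chapter . "','" . $stem_sql . "','" . $answer_sql . "','1')";
} elseif ($ty === "choice") {
    $query = "INSERT INTO choice_" . $chapter . " (chapter,stem,answer,type) values ('" . $chapter . "','" . $stem_sql . "','" . $answer_sql . "','1')";
}
// An unrecognised type is reported as a failure instead of running a query.
if ($query !== null && mysql_query($query, $link)) {
    echo "yes";
} else {
    echo "no";
}
jump('subject.php');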
<?php

// DataTables-style echo endpoint: returns one fixed row plus the (escaped) request
// parameters. The sEcho/iTotal* fields are only included when the client sent sEcho.
$payload = array(
    'aaData' => array(array(1, 2, 3, 4, 5)),
    'post' => xss($_POST),
    'get' => xss($_GET),
    'post_length' => count(array_keys($_POST)),
    'get_length' => count(array_keys($_GET)),
);
if (isset($_REQUEST['sEcho'])) {
    // Array union keeps the left operand's keys first, so the key order matches the
    // original: sEcho, iTotalRecords, iTotalDisplayRecords, then the common fields.
    $payload = array(
        'sEcho' => intval($_REQUEST['sEcho']),
        'iTotalRecords' => 1,
        'iTotalDisplayRecords' => 1,
    ) + $payload;
}
echo json_encode($payload);
// This script shouldn't be hosted on a public server, but to prevent attacks:
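/**
 * HTML-encode every value of a request array so it can be echoed back as JSON.
 *
 * Nested arrays (e.g. name[] parameters) are encoded recursively; the original
 * passed them straight to htmlentities(), which does not accept arrays.
 *
 * @param array $a request parameters (e.g. $_POST or $_GET)
 * @return array same keys, every leaf HTML-encoded
 */
function xss($a)
{
    $out = array();
    foreach ($a as $key => $value) {
        if (is_array($value)) {
            $out[$key] = xss($value);
        } else {
            // Explicit flags so single quotes are encoded on every PHP version and
            // invalid UTF-8 is replaced rather than emptying the whole string.
            $out[$key] = htmlentities((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        }
    }
    return $out;
}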
    ?>
" width="<?php 
    echo xss($_GET["ParamWidth"]);
    ?>
"></iframe>
<?php 
} else {
    ?>
    <iframe frameborder="0" src="<?php 
    echo xss($_GET["ParamUrl"]);
    ?>
" height="<?php 
    echo xss($_GET["ParamHeight"]);
    ?>
" width="<?php 
    echo xss($_GET["ParamWidth"]);
    ?>
"></iframe>
<?php 
}
?>

</div>

<div id="side">

    <a href="http://twitter.com/MME_IT" target="blank_" class="button"><img src="./images/twitter.png"></a>
    <a href="http://be.linkedin.com/in/malikmesellem" target="blank_" class="button"><img src="./images/linkedin.png"></a>
    <a href="http://www.facebook.com/pages/MME-IT-Audits-Security/104153019664877" target="blank_" class="button"><img src="./images/facebook.png"></a>
    <a href="http://itsecgames.blogspot.com" target="blank_" class="button"><img src="./images/blogger.png"></a>
 /**
  * Save a bug template edited in the dialog-style editor and answer with JSON.
  *
  * Reads tplname (HTML-escaped via xss()), tplhtml (stored as submitted) and
  * editid from $_POST, updates the template through the model and responds
  * with outputJson(0, 'ok', editid).
  */
 public function editbugtplAction()
 {
     $editId = $_POST['editid'];
     $templateName = xss($_POST['tplname']);
     $templateHtml = $_POST['tplhtml'];
     $this->model->updateBugtpl(
         array('tplname' => $templateName, 'tplhtml' => $templateHtml),
         $editId
     );
     $this->outputJson(0, 'ok', $editId);
 }
			<div class="col-md-4">
				<div class="panel panel-default">
  					<div class="panel-heading">
	    				<h3 class="panel-title">
	    					<span>Regions (<?php 
echo count($regions);
?>
)</span>
	    				</h3>
	  				</div>
	  				<div class="panel-body">
	  					<?php 
// One card per region. Visible text goes through xss(); the href is built from
// $region->handle as-is — unless handles are a restricted slug, a quote in one would
// break out of the single-quoted attribute.
foreach ($regions as $region) {
    echo "<div class='comp'>";
    echo "<a style='font-size: 12pt' href='../region?" . $region->handle . "'>" . xss($region->name) . "</a>";
    echo "<div><strong>Super Region:</strong> " . xss($region->superregion) . "</div>";
    echo ""; // no-op echo kept from the original
    echo "</div>";
    echo "<hr/>";
}
?>
					</div>
				</div>
			</div>
		</div>

	<div class="modal fade" id="modal_comp">
  		<div class="modal-dialog">
    		<div class="modal-content">
      			<div class="modal-header">
        			<button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>