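/**
 * Resolve the scanner key, accept a remote task only when the caller presents
 * that key, and pick a writable scratch directory.
 *
 * Reads $_POST['action'], $_POST['key'] and $_POST['task']; sets $this->action,
 * $this->taskid and $this->_tmp.
 */
function __construct()
{
    // No usable key is defined (undefined, empty, or still the installer
    // placeholder): fall back to the 'skey' record in the database.
    if (!defined('WEBSCAN_KEY') || WEBSCAN_KEY == null || WEBSCAN_KEY == '' || WEBSCAN_KEY == "@webscan360key@") {
        require_once dirname(dirname(__FILE__)) . '/lib/webscan360_db.class.php';
        $webscan360db = new Webscan360_db();
        $ressult = $webscan360db->rec_getRow(array('var' => 'skey'));
        // A constant cannot be redefined, so an already-defined placeholder
        // stays in place and the key check below keeps rejecting requests.
        if (!empty($ressult) && !empty($ressult['value']) && !defined('WEBSCAN_KEY')) {
            $skey = $ressult['value'];
            define("WEBSCAN_KEY", "{$skey}");
        }
    }

    $keyIsUsable = defined('WEBSCAN_KEY')
        && WEBSCAN_KEY != null
        && WEBSCAN_KEY != ''
        && WEBSCAN_KEY != "@webscan360key@";

    if ($keyIsUsable && isset($_POST['action']) && isset($_POST['key']) && isset($_POST['task'])) {
        $expected = (string) WEBSCAN_KEY;
        $supplied = $_POST['key'];

        // The supplied key is untrusted input. A loose == comparison treats two
        // numeric-looking strings as numbers, so different strings can compare
        // equal; require a string and compare it exactly, in constant time
        // where hash_equals() is available.
        $keyMatches = is_string($supplied)
            && (function_exists('hash_equals')
                ? hash_equals($expected, $supplied)
                : $expected === $supplied);

        if ($keyMatches) {
            // NOTE(review): action and task are stored as received; they are
            // not validated here, so each consumer must validate them.
            $this->action = $_POST['action'];
            $this->taskid = $_POST['task'];
        }
    }

    // Scratch directory: the current working directory when writable, else
    // the system temp directory with a trailing separator. If neither is
    // writable, _tmp is not assigned here.
    // NOTE(review): './' may be inside the web root, which would make scratch
    // files reachable over HTTP; confirm where the script runs.
    if (is_writable('./')) {
        $this->_tmp = './';
    } elseif (is_writable(sys_get_temp_dir())) {
        $tmpDir = sys_get_temp_dir();
        $lastChar = substr($tmpDir, -1);
        $this->_tmp = ($lastChar == '/' || $lastChar == '\\') ? $tmpDir : $tmpDir . '/';
    }
}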
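/**
 * Verify domain ownership with the 360webscan service.
 *
 * Requests a key for this site's host, stores it under the 'key' record, then
 * asks the service to verify the domain with that key. A non-empty outcome is
 * also written to the 'log_verify' record.
 *
 * @return array Either the service's decoded reply or a local error array
 *               carrying 'infocode' and 'msg'.
 */
private function verifyDomain()
{
    $webscan_config = $this->webscan360_config;

    // Configured site URL, lower-cased and forced to an "http://" prefix.
    $site_url = '';
    if (!empty($webscan_config['SITE_URL'])) {
        $site_url = "http://" . str_replace("http://", "", strtolower($webscan_config['SITE_URL']));
    }
    if (empty($site_url)) {
        // The Host header is supplied by the client, so this fallback lets the
        // requester choose which host the key request is made for. Configure
        // SITE_URL so that this branch is not taken.
        $site_url = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : null;
    }
    // MID may be missing from the config; read it without raising a notice.
    $mid = isset($webscan_config['MID']) ? $webscan_config['MID'] : null;

    $result = array('infocode' => "no", 'msg' => "");
    $model = new webscan360_http();

    // NOTE(review): the key arrives in this response; confirm that the
    // configured service URLs use TLS so it cannot be read or replaced in transit.
    $ret = $model->http_request(
        $this->webscan360_getkey_url,
        array('host' => $site_url, 'mid' => $mid)
    );
    if (empty($ret)) {
        return array('infocode' => "601", 'msg' => "not http");
    }

    $httpcode = isset($ret['httpcode']) ? $ret['httpcode'] : null;
    $response = isset($ret['response']) ? json_decode($ret['response'], true) : null;

    // The body is remote input: it may fail to decode or decode to a
    // non-array, so read 'infocode' defensively and compare it as a string.
    $infocode = null;
    if (is_array($response) && isset($response['infocode'])
        && (is_string($response['infocode']) || is_int($response['infocode']))) {
        $infocode = (string) $response['infocode'];
    }

    $webscan360db = new Webscan360_db();

    if ($httpcode == 200 && $infocode === "111" && !empty($response['key'])) {
        // NOTE(review): the key's format is not checked before it is stored.
        $key = $response['key'];

        // Update the stored key when a row exists, otherwise insert it.
        $res_key = $webscan360db->rec_getRow(array('var' => 'key'));
        if (!empty($res_key)) {
            $op_ret = $webscan360db->rec_update(array('value' => $key), array('var' => 'key'));
        } else {
            $op_ret = $webscan360db->rec_insert(array('var' => 'key', 'value' => $key));
        }

        if ($op_ret) {
            $ret_verityDomain = $model->http_request(
                $this->webscan360_verifydomain_url,
                array('key' => $key, 'host' => $site_url, 'mid' => $mid)
            );
            $httpcode_verityDomain = isset($ret_verityDomain['httpcode']) ? $ret_verityDomain['httpcode'] : null;
            $response_verityDomain = isset($ret_verityDomain['response']) ? $ret_verityDomain['response'] : null;

            $decoded = null;
            if (!empty($response_verityDomain) && $httpcode_verityDomain == 200) {
                $decoded = json_decode($response_verityDomain, true);
            }

            if (is_array($decoded)) {
                $result = $decoded;
            } else {
                // Covers a failed request, a non-200 status, and a body that
                // does not decode to an array, so callers always get an array.
                $result = array(
                    'infocode' => "203",
                    'msg' => "not verify host from 360webscan",
                    'httpcode' => $httpcode_verityDomain,
                    'response' => $response_verityDomain,
                );
            }
        } else {
            $result = array('infocode' => "202", 'msg' => "not insert key");
        }
    } elseif ($infocode === "300" || $infocode === "106") {
        // These service codes are passed through to the caller unchanged.
        $result = $response;
    } else {
        $result = array(
            'infocode' => "201",
            'msg' => "not get key from 360webscan",
            'httpcode' => $httpcode,
            'response' => $response,
        );
    }

    // Record the outcome. The 201 and 203 entries include the service response.
    if (!empty($result)) {
        $webscan360db->rec_insert(array('var' => 'log_verify', 'value' => json_encode($result)));
    }

    return $result;
}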
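<?php
// Challenge endpoint: answers a POSTed 'ptime' value with
// md5("webscan360:" . <stored key> . ":" . ptime).
//
// Security note: nothing here authenticates the caller, so any client can
// obtain a digest of the stored key combined with a value it chooses. A plain
// MD5 over secret-then-input is open to offline guessing of a weak key and to
// length extension. A keyed construction (HMAC) over a validated ptime is the
// stronger design, but the verifying service would have to change with it.

// Accept only a string ptime: a missing field raised a notice, and an array
// value was hashed as the literal text "Array".
$ptime = (isset($_POST['ptime']) && is_string($_POST['ptime'])) ? $_POST['ptime'] : '';

if (!empty($ptime)) {
    require_once 'lib/webscan360_db.class.php';
    $webscan360db = new Webscan360_db();
    $res = $webscan360db->rec_getRow(array('var' => 'key'));
    // NOTE(review): ptime's expected format is not visible here; restricting
    // it (for example to digits of bounded length) would narrow the input.
    if (!empty($res) && !empty($res['value'])) {
        echo md5("webscan360:" . $res['value'] . ":" . $ptime);
    }
}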
<?php
// Bootstrap for the protection script: loads configuration, resolves the
// per-site key, and defines the request-filter patterns.

// webscan_error() is defined outside this excerpt; presumably it configures
// error reporting. TODO confirm.
webscan_error();
// Include the configuration file.
require_once('webscan_cache.php');
// No usable WEBSCAN_U_KEY (undefined, empty, or still the installer
// placeholder): read the 'pkey' record from the database and derive the
// log and update URLs from it.
// NOTE(review): a constant cannot be redefined. If WEBSCAN_U_KEY is already
// defined as the placeholder, the define() below does not replace it and the
// two URLs are built with the placeholder value.
// NOTE(review): the key is carried in the URL query string, where it tends to
// end up in logs along the path; confirm the endpoints use TLS.
// WEBSCAN_API_LOG_T and WEBSCAN_UPDATE_FILE_T are not defined in this
// excerpt; presumably they come from webscan_cache.php.
if (!defined('WEBSCAN_U_KEY')||WEBSCAN_U_KEY==null||WEBSCAN_U_KEY==''||WEBSCAN_U_KEY=="@webscan360key@"){
    require_once dirname(dirname(__FILE__)).'/lib/webscan360_db.class.php';
    $webscan360db = new Webscan360_db();
    $ressult = $webscan360db->rec_getRow(array('var'=>'pkey'));
    if(!empty($ressult)&&!empty($ressult['value'])){
        $pkey = $ressult['value'];
        define("WEBSCAN_U_KEY", "$pkey");
        define("WEBSCAN_API_LOG" , WEBSCAN_API_LOG_T . "/?key=".WEBSCAN_U_KEY);
        define("WEBSCAN_UPDATE_FILE" , WEBSCAN_UPDATE_FILE_T . "/?key=".WEBSCAN_U_KEY);
    }
}
// Version number of the protection script.
define("WEBSCAN_VERSION", '0.1.1.9');
// MD5 of this file's own contents. The @ hides a read failure, in which case
// the digest is that of an empty value. This is a fingerprint only: anyone who
// can modify the file changes the digest along with it.
define("WEBSCAN_MD5", md5(@file_get_contents(__FILE__)));
// Request-filter patterns. These are signature (denylist) rules; the
// delimiters, flags and call sites that apply them are outside this excerpt.
// They are one layer of defense, not a replacement for parameterised queries
// and context-aware output encoding in the protected application.
//
// GET rule: tags carrying "&#" entities, script dialog calls, inline event
// handlers, a leading "+/v8" or "+/v9" (UTF-7 marker), boolean SQL
// comparisons after and/or, SQL block comments, "<script", and SQL statement
// keywords.
$getfilter = "<[^>]*?=[^>]*?&#[^>]*?>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\()|<[^>]*?\\b(onerror|onmousemove|onload|onclick|onmouseover)\\b[^>]*?>|^\\+\\/v(8|9)|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
// POST rule: the GET rule without the leading "+/v8" / "+/v9" alternative.
$postfilter = "<[^>]*?=[^>]*?&#[^>]*?>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\()|<[^>]*?\\b(onerror|onmousemove|onload|onclick|onmouseover)\\b[^>]*?>|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
// Cookie rule: only the SQL-oriented and "<script" alternatives; the tag,
// dialog-call and event-handler alternatives are not applied to cookies.
$cookiefilter = "\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
// Remote command: taken from POST 'webscan_act' only when webscan_cheack()
// returns a truthy value. That function is outside this excerpt; presumably
// it is the authentication check. TODO confirm.
$webscan_action = isset($_POST['webscan_act'])&&webscan_cheack() ? trim($_POST['webscan_act']) : '';
// Referer, wrapped in an array keyed 'HTTP_REFERER', or an empty array when
// absent. The header is client-supplied.
$webscan_referer = empty($_SERVER['HTTP_REFERER']) ? array() : array('HTTP_REFERER'=>$_SERVER['HTTP_REFERER']);