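/**
 * List the findings of one scan that belongs to the current user, grouped by target.
 *
 * Security: the original interpolated $scanID into the statement unquoted
 * (`Scan.ID={$scanID}`), so any non-numeric input became part of the SQL text.
 * The identifier is now coerced to an integer and the user id is escaped
 * before the statement is built.
 *
 * @param int|string $scanID Scan identifier; coerced to an integer before use.
 * @return array Map of Vuln.IP_URL => list of array(Plugin.Name, Vuln.Vuln_Info, Vuln.Level);
 *               every column value is passed through check_xss() first.
 */
function search_vuln($scanID)
{
    // No current user: stop the request, as the original did.
    if (!($userid = get_userid())) {
        die;
    }

    // Numeric column, so an integer cast is the strictest possible filter.
    $scanId = (int) $scanID;
    // The legacy mysql_* API has no bound parameters; escape what goes inside quotes.
    $userSql = mysql_real_escape_string($userid);

    $query = "SELECT Vuln.IP_URL,Plugin.Name,Vuln.Vuln_Info,Vuln.Level FROM Plugin,Scan,Vuln"
        . " WHERE Vuln.Scan_ID=Scan.ID AND Vuln.Plugin_ID=Plugin.ID"
        . " AND Scan.ID={$scanId} AND Scan.User_ID='{$userSql}'"
        . " ORDER BY Vuln.IP_URL,Vuln.Level,Vuln.ID";

    $ret = array();
    $result = mysql_query($query);
    if ($result === false) {
        // Query failed: return the empty set instead of fetching from a non-resource.
        return $ret;
    }

    while ($row = mysql_fetch_row($result)) {
        // Output filter applied to every column before it leaves this function.
        foreach ($row as $key => $value) {
            $row[$key] = check_xss($value);
        }
        // Column 0 (IP_URL) is the grouping key; the remaining columns form the entry.
        $ret[$row[0]][] = array_slice($row, 1);
    }

    return $ret;
}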
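/**
 * Request filter: block and log a parameter whose value matches a deny pattern.
 *
 * Changes from the original:
 *  - Nested arrays are flattened recursively. implode() on a nested array only
 *    yields the literal text "Array" for each inner array, so a value sent as
 *    name[][]=... was never inspected.
 *  - Control characters (including CR/LF) are removed from every logged field,
 *    so request data cannot forge additional log records.
 *  - strftime() (deprecated in newer PHP) is replaced by the equivalent date() format.
 *
 * NOTE(review): the log file is written below DOCUMENT_ROOT and contains raw
 * request data. Unless the /log/ directory is denied by the web server, it is
 * readable over HTTP; moving it outside the web root is recommended. The path
 * is left unchanged here because other tooling may depend on it.
 *
 * @param string       $StrFiltKey   Name of the request parameter being checked.
 * @param string|array $StrFiltValue Submitted value; arrays are concatenated.
 * @param string       $ArrFiltReq   PCRE pattern body (no delimiters) to reject.
 * @return void Prints a notice and exits when the value is rejected.
 */
function StopAttack($StrFiltKey, $StrFiltValue, $ArrFiltReq)
{
    if (is_array($StrFiltValue)) {
        // Depth-first flatten; for a flat array this equals implode($StrFiltValue).
        $flat = '';
        $stack = array($StrFiltValue);
        while ($stack) {
            $item = array_pop($stack);
            if (is_array($item)) {
                // Push children reversed so they are popped in their original order.
                foreach (array_reverse($item) as $child) {
                    $stack[] = $child;
                }
            } else {
                $flat .= $item;
            }
        }
        $StrFiltValue = $flat;
    }

    // check_xss() is defined elsewhere; a truthy return is treated as a detection here.
    $blocked = preg_match("/" . $ArrFiltReq . "/is", $StrFiltValue) === 1 || check_xss($StrFiltValue);
    if (!$blocked) {
        return;
    }

    // Every field below is client-influenced; keep each log record on one line.
    $fields = array(
        $_SERVER["REMOTE_ADDR"],
        $_SERVER["PHP_SELF"],
        $_SERVER["REQUEST_METHOD"],
        $StrFiltKey,
        $StrFiltValue,
    );
    foreach ($fields as $idx => $field) {
        $fields[$idx] = preg_replace('/[\x00-\x1F\x7F]/', ' ', (string) $field);
    }

    error_log(
        "操作IP: " . $fields[0]
        . ",操作时间: " . date("Y-m-d H:i:s")
        . ",操作页面:" . $fields[1]
        . ",提交方式: " . $fields[2]
        . ",提交参数: " . $fields[3]
        . ",提交数据: " . $fields[4] . "\n",
        3,
        $_SERVER['DOCUMENT_ROOT'] . "/log/360safe-" . date("Y-m-d") . ".log"
    );

    print "notice:Illegal operation!";
    exit;
}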
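/**
 * Fetch the stored code of the plugin with the given name.
 *
 * Security: the original placed $name into the statement without any escaping
 * (the check_sql() call was commented out), so a quote in the name changed the
 * SQL. The name is now escaped before it is interpolated.
 *
 * @param string $name Plugin name to look up.
 * @param int    $id   Unused; kept so existing callers keep working.
 * @return mixed check_xss() applied to Plugin.Code of the first matching row,
 *               or null when there is no match or the query fails.
 */
function get_code($name = '', $id = 1)
{
    // The legacy mysql_* API has no bound parameters; escape the quoted literal.
    $nameSql = mysql_real_escape_string($name);
    $query = "SELECT Code FROM Plugin WHERE Name='{$nameSql}'";

    $result = mysql_query($query);
    if ($result === false) {
        return null;
    }

    $row = mysql_fetch_row($result);
    if (!$row) {
        return null;
    }

    // Only the first row is used; the value goes through the output filter.
    return check_xss($row[0]);
}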
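/**
 * List the current user's dispatchers, optionally filtered by status, OS, MAC and id.
 *
 * Before selecting, every dispatcher whose Last_Time is more than 60 seconds
 * old is marked offline (Status=0).
 *
 * Security: $os and $mac were interpolated into quoted SQL literals unescaped.
 * Both are now escaped, as is the user id.
 *
 * NOTE(review): the status and id filters use is_int(), so values that arrive
 * as strings (as request parameters do) are silently ignored — confirm callers
 * cast them first.
 *
 * @param int    $status Online status filter; applied only for integer 0 or 1.
 * @param string $os     Substring matched against Dispatcher.OS; empty to skip.
 * @param string $mac    Exact Dispatcher.MAC to match; empty to skip.
 * @param int    $distid Dispatcher id filter; applied only for integers > 0.
 * @return array array('data' => list of rows), every value passed through check_xss().
 */
function search_dist($status, $os, $mac, $distid = 0)
{
    // No current user: stop the request, as the original did.
    if (!($userid = get_userid())) {
        die;
    }

    // Heartbeat expiry: anything silent for more than a minute goes offline.
    $now = time();
    mysql_query("UPDATE Dispatcher SET Status=0 WHERE {$now}-Last_Time>60");

    $userSql = mysql_real_escape_string($userid);
    $query = "SELECT Dispatcher.ID,Dispatcher.OS,Dispatcher.MAC,Dispatcher.IP,Dispatcher.Last_Time,Dispatcher.Status,User.Name"
        . " FROM Dispatcher,User WHERE Dispatcher.User_ID=User.ID AND Dispatcher.User_ID='{$userSql}'";

    if (is_int($status) && $status >= 0 && $status < 2) {
        $query .= " AND Dispatcher.Status='{$status}'";
    }
    if ($os) {
        // Escaping leaves % and _ untouched, so LIKE wildcards behave as before.
        $osSql = mysql_real_escape_string($os);
        $query .= " AND Dispatcher.OS like'%{$osSql}%'";
    }
    if ($mac) {
        $macSql = mysql_real_escape_string($mac);
        $query .= " AND Dispatcher.MAC='{$macSql}'";
    }
    if (is_int($distid) && $distid > 0) {
        $query .= " AND Dispatcher.ID={$distid}";
    }

    $ret = array('data' => array());
    $result = mysql_query($query);
    if ($result === false) {
        // Query failed: return the empty set instead of fetching from a non-resource.
        return $ret;
    }

    while ($row = mysql_fetch_row($result)) {
        // Output filter applied to every column before it leaves this function.
        foreach ($row as $key => $value) {
            $row[$key] = check_xss($value);
        }
        $ret['data'][] = $row;
    }

    return $ret;
}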
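/**
 * Search configuration entries whose name contains the given text.
 *
 * Fix: the original filtered on an undefined variable ($name) instead of the
 * parameter $s, so the search term was never applied.
 *
 * NOTE(review): the session user id is read but the query is not restricted
 * to it, so the result covers configuration rows of every user. If Config rows
 * are per-user data, add a Config.User_ID condition — confirm the intended scope.
 *
 * NOTE(review): check_sql() is defined elsewhere; this assumes it makes the
 * value safe inside a quoted SQL literal — verify.
 *
 * @param string $s Text to look for in Config.Name.
 * @return array List of array(Name, Description), every value passed through check_xss().
 */
function search_config($s)
{
    $name = check_sql($s);
    // Read as in the original; not used by the query (see the scope note above).
    $userId = $_SESSION['userID'];

    $query = "SELECT Config.Name,Config.Description FROM Config,User"
        . " WHERE Config.User_ID=User.ID AND Config.Name like '%{$name}%'";

    $ret = array();
    $result = mysql_query($query);
    if ($result === false) {
        // Query failed: return the empty set instead of fetching from a non-resource.
        return $ret;
    }

    while ($row = mysql_fetch_row($result)) {
        // Output filter applied to every column before it leaves this function.
        foreach ($row as $key => $value) {
            $row[$key] = check_xss($value);
        }
        $ret[] = $row;
    }

    return $ret;
}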
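/**
 * List the current user's tasks, optionally filtered by status, target keyword and id.
 *
 * Security: $keyword was interpolated into a quoted LIKE literal unescaped
 * (the check_sql() call was commented out). It is now escaped, as is the user id.
 *
 * NOTE(review): the level and id filters use is_int(), so values that arrive
 * as strings (as request parameters do) are silently ignored — confirm callers
 * cast them first.
 *
 * @param int    $level   1 = done, 2 = running, 3 = waiting; any other value disables the filter.
 * @param string $keyword Substring matched against Task.Target; empty to skip.
 * @param int    $taskid  Task id filter; applied only for integers > 0.
 * @return array array('data' => list of rows), every value passed through check_xss().
 */
function search_task($level, $keyword = '', $taskid = 0)
{
    // No current user: stop the request, as the original did.
    if (!($userid = get_userid())) {
        die;
    }

    $userSql = mysql_real_escape_string($userid);
    $query = "SELECT Task.ID,Task.Target,Task.Start_Time,Task.End_Time,Task.Arguments,Task.Status,User.Name,CONCAT(Dispatcher.ID,':',Dispatcher.MAC,':',Dispatcher.OS,':',Dispatcher.IP) \n\t\t\tFROM Task\n\t\t\tINNER JOIN User ON Task.User_ID=User.ID\n\t\t\tLEFT JOIN Dispatcher ON Dispatcher.ID=Task.Dispatcher_ID \n\t\t\tWHERE Task.User_ID='{$userSql}'";

    // Fixed numeric-to-label table: only these literals ever reach the query.
    $statusByLevel = array(1 => 'done', 2 => 'running', 3 => 'waiting');
    if (is_int($level) && isset($statusByLevel[$level])) {
        $query .= " AND Task.Status='{$statusByLevel[$level]}'";
    }
    if ($keyword != '') {
        // Escaping leaves % and _ untouched, so LIKE wildcards behave as before.
        $keywordSql = mysql_real_escape_string($keyword);
        $query .= " AND Task.Target LIKE '%{$keywordSql}%'";
    }
    if (is_int($taskid) && $taskid > 0) {
        $query .= " AND Task.ID={$taskid}";
    }

    $ret = array('data' => array());
    $result = mysql_query($query);
    if ($result === false) {
        // Query failed: return the empty set instead of fetching from a non-resource.
        return $ret;
    }

    while ($row = mysql_fetch_row($result)) {
        // Output filter applied to every column before it leaves this function.
        foreach ($row as $key => $value) {
            $row[$key] = check_xss($value);
        }
        $ret['data'][] = $row;
    }

    return $ret;
}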
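/**
 * Fetch one plugin record, looked up by id or, failing that, by name.
 *
 * Fix: the name branch built `WHERE Name={$pName}` with no quotes around the
 * value, which is either a syntax error or lets the value be read as SQL.
 * The value is now placed inside a quoted literal.
 *
 * NOTE(review): check_sql() is defined elsewhere; this assumes it makes the
 * value safe inside quotes and does not add quotes of its own — verify.
 *
 * When neither a positive id nor a name is given the query has no WHERE
 * clause and the first row of Plugin is returned, as in the original.
 *
 * @param int|string $id   Plugin id; used when it is greater than zero after intval().
 * @param string     $name Plugin name; used only when no positive id is given.
 * @return array|null array('data' => array(row)) with every value passed through
 *                    check_xss(), or null when nothing matches or the query fails.
 */
function get_code($id = 0, $name = '')
{
    $pID = intval($id);
    $pName = check_sql($name);

    $query = "SELECT ID,Name,Type,Author,Time,Version,Web,Description,Code FROM Plugin";
    if ($pID > 0) {
        // intval() output is safe to embed as a bare number.
        $query .= " WHERE ID={$pID}";
    } elseif ($pName != '') {
        $query .= " WHERE Name='{$pName}'";
    }

    $result = mysql_query($query);
    if ($result === false) {
        return null;
    }

    $row = mysql_fetch_row($result);
    if (!$row) {
        return null;
    }

    // Output filter applied to every column before it leaves this function.
    foreach ($row as $key => $value) {
        $row[$key] = check_xss($value);
    }

    $ret = array('data' => array());
    $ret['data'][] = $row;
    return $ret;
}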
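/**
 * List the current user's scans, optionally filtered by level, URL keyword and id.
 *
 * Security: $keyword was interpolated into a quoted LIKE literal unescaped
 * (the check_sql() call was commented out). It is now escaped, as is the user id.
 *
 * NOTE(review): the level and id filters use is_int(), so values that arrive
 * as strings (as request parameters do) are silently ignored — confirm callers
 * cast them first.
 *
 * @param int    $level   Scan level filter; applied only for integers 1 to 4.
 * @param string $keyword Substring matched against Scan.Url; empty to skip.
 * @param int    $scanid  Scan id filter; applied only for integers > 0.
 * @return array array('data' => list of rows), every value passed through check_xss().
 */
function search_scan($level, $keyword = '', $scanid = 0)
{
    // No current user: stop the request, as the original did.
    if (!($userid = get_userid())) {
        die;
    }

    $userSql = mysql_real_escape_string($userid);
    $query = "SELECT Scan.ID,Scan.Url,Scan.Start_Time,Scan.End_Time,Scan.Level,Scan.Arguments,User.Name"
        . " FROM Scan,User WHERE Scan.User_ID=User.ID AND Scan.User_ID='{$userSql}'";

    if (is_int($level) && $level > 0 && $level < 5) {
        $query .= " AND Scan.Level={$level}";
    }
    if ($keyword != '') {
        // Escaping leaves % and _ untouched, so LIKE wildcards behave as before.
        $keywordSql = mysql_real_escape_string($keyword);
        $query .= " AND Scan.Url LIKE '%{$keywordSql}%'";
    }
    if (is_int($scanid) && $scanid > 0) {
        $query .= " AND Scan.ID={$scanid}";
    }

    $ret = array('data' => array());
    $result = mysql_query($query);
    if ($result === false) {
        // Query failed: return the empty set instead of fetching from a non-resource.
        return $ret;
    }

    while ($row = mysql_fetch_row($result)) {
        // Output filter applied to every column before it leaves this function.
        foreach ($row as $key => $value) {
            $row[$key] = check_xss($value);
        }
        $ret['data'][] = $row;
    }

    return $ret;
}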
@ini_set('error_reporting', E_ALL ^ E_WARNING ^ E_NOTICE); include ENGINE_DIR . '/data/config.php'; if ($config['http_home_url'] == "") { $config['http_home_url'] = explode("engine/print.php", $_SERVER['PHP_SELF']); $config['http_home_url'] = reset($config['http_home_url']); $config['http_home_url'] = "http://" . $_SERVER['HTTP_HOST'] . $config['http_home_url']; } require_once ENGINE_DIR . '/classes/mysql.php'; include_once ENGINE_DIR . '/data/dbconfig.php'; include_once ENGINE_DIR . '/modules/functions.php'; require_once ENGINE_DIR . '/classes/templates.class.php'; dle_session(); if ($config['site_offline'] == "yes") { die("The site in offline mode"); } check_xss(); $_TIME = time() + $config['date_adjust'] * 60; if (isset($_COOKIE['dle_skin'])) { $_COOKIE['dle_skin'] = trim(totranslit($_COOKIE['dle_skin'], false, false)); if ($_COOKIE['dle_skin'] != '' and @is_dir(ROOT_DIR . '/templates/' . $_COOKIE['dle_skin'])) { $config['skin'] = $_COOKIE['dle_skin']; } } if ($config["lang_" . $config['skin']]) { if (file_exists(ROOT_DIR . '/language/' . $config["lang_" . $config['skin']] . '/website.lng')) { include_once ROOT_DIR . '/language/' . $config["lang_" . $config['skin']] . '/website.lng'; } else { die("Language file not found"); } } else { include_once ROOT_DIR . '/language/' . $config['langs'] . '/website.lng';
print_import(); }elseif ($_REQUEST['doim']){ check_xss();do_import(); }elseif ($_REQUEST['dosht']){ check_xss();do_sht(); }elseif (!$_REQUEST['refresh'] || preg_match('/^select|show|explain|desc/i',$SQLq) ){ if ($SQLq)check_xss(); do_sql($SQLq);#perform non-select SQL only if not refresh (to avoid dangerous delete/drop) } }else{ if ( $_REQUEST['refresh'] ){ check_xss();do_sql($SHOW_D); }elseif ($_REQUEST['crdb']){ check_xss();do_sql('CREATE DATABASE `'.$_REQUEST['new_db'].'`');do_sql($SHOW_D); }elseif ( preg_match('/^(?:show\s+(?:databases|status|variables|process)|create\s+database|grant\s+)/i',$SQLq) ){ check_xss();do_sql($SQLq); }else{ $err_msg="Select Database first"; if (!$SQLq) do_sql($SHOW_D); } } } $time_all=ceil((microtime_float()-$time_start)*10000)/10000; print_screen(); }else{ print_cfg(); } function do_sql($q){ global $dbh,$last_sth,$last_sql,$reccount,$out_message,$SQLq,$SHOW_T;