Exemplo n.º 1
    return $zip->close();
}
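// Serve one sqlmap output directory, named by ?target=, as a zip download.
//
// The regex is a deny-list of "../" spellings and is not the control that keeps
// the request inside SQLMAP_OUTPUT_PATH. PHP has already URL-decoded $_GET once,
// so its percent-encoded alternatives only match input that was encoded twice.
// The effective control is the exact-match lookup against the directory listing
// below: a target is accepted only if it equals the name of an existing entry.
// is_string() keeps an array-valued target (?target[]=x) out of preg_match().
if (isset($_GET['target']) && is_string($_GET['target']) && !preg_match("#\\.\\./|\\.\\.%2f|\\.\\.%25%5c|\\.\\.%5c|\\.\\.%bg%qf|\\.\\.%u2215|\\.\\.%c0%9v|\\.\\.%u2216|%2e%2e/#i", $_GET['target'])) {
    $target = $_GET['target'];

    // Check SQLMAP output dir for a matching entry.
    // glob() returns false on error; treat that as an empty listing.
    $listing = glob(preg_replace("#/\$#", "", SQLMAP_OUTPUT_PATH) . "/**");
    if ($listing === false) {
        $listing = array();
    }
    // Keep only the last path component of every entry.
    $hdc = array_map('basename', $listing);

    // Strict comparison: without it numeric strings compare by value
    // ("1e1" == "10"), so a target could match a directory it does not name.
    if (in_array($target, $hdc, true)) {
        $dl_file = TMP_PATH . uniqid('sqlmap_') . '_scan_results.zip';
        // This doesn't work for unique filenames?, need to find better way (maybe pass in task/scanID)...
        if (zipIt(SQLMAP_OUTPUT_PATH . $target, $dl_file, true)) {
            // Include custom scan log from web panel since API usage wipes the normal log file....
            $api_log = TMP_PATH . $target . "/api_scan.log";
            if (file_exists($api_log)) {
                $zip = new ZipArchive();
                if ($zip->open($dl_file) === TRUE) {
                    $zip->addFile($api_log, $target . '/api_scan.log');
                    $zip->close();
                }
            }
            header("Content-Type: application/octet-stream");
            header("Content-Transfer-Encoding: Binary");
            header("Content-disposition: attachment; filename=\"sqlmap_scan_results.zip\"");
            // readfile() writes the file to the output itself and returns the byte
            // count; echoing that return value appended digits to the archive.
            readfile($dl_file);
        }
        // Best-effort cleanup; the warning is suppressed so that it cannot end up
        // in the response body after the archive bytes.
        @unlink($dl_file);
    } else {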
Exemplo n.º 2
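// Create a dated zip archive of the current user's data directory when the form
// was submitted with a non-empty "make" field.
// !empty() has the same truthiness as the bare lookup but raises no
// undefined-index notice when the field is absent.
if (!empty($_POST['make'])) {
    // Take one timestamp so every component describes the same instant
    // (separate time() calls can straddle a second or a day boundary).
    $_zeitstempel = time();
    $_jahr = date("Y", $_zeitstempel);
    $_monat = date("n", $_zeitstempel);
    $_tag = date("j", $_zeitstempel);
    $_stunde = date("H", $_zeitstempel);
    $_minute = date("i", $_zeitstempel);
    $_sekunde = date("s", $_zeitstempel);
    // The archive is named by date only (year.month.day); an earlier name that
    // also carried the time of day was overwritten before use and is dropped.
    $_name = $_jahr . "." . $_monat . "." . $_tag;
    $_zippfad = $_pfad;
    $zipname = $_zippfad . $_name . ".zip";
    // NOTE(review): $_user->_ordnerpfad is concatenated into a filesystem path;
    // its origin is not visible here. Confirm it cannot contain "../" or an
    // absolute path before it reaches zipIt().
    $_ordner = "./Data/" . $_user->_ordnerpfad . "/";
    // NOTE(review): zipIt() returns false on failure and the result is ignored,
    // so a failed backup is silent to the caller.
    zipIt($_ordner, $zipname);
}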
function zipIt($source, $destination, $include_dir = false, $additionalIgnoreFiles = array())
{
    $defaultIgnoreFiles = array('.', '..');
    $ignoreFiles = array_merge($defaultIgnoreFiles, $additionalIgnoreFiles);
    if (!extension_loaded('zip') || !file_exists($source)) {
        return false;
    }
    if (file_exists($destination)) {
        unlink($destination);
    }
    $zip = new ZipArchive();
    if (!$zip->open($destination, ZIPARCHIVE::CREATE)) {
        return false;
    }