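return $zip->close(); } // tail of a function whose beginning lies before this excerpt

// Download handler: zip one sqlmap result directory and send it to the client.
//
// $_GET['target'] is request-controlled. PHP has already URL-decoded it, so the
// percent-encoded alternatives in the deny-list below can only match input that
// was encoded twice. The deny-list is a first filter, not the real control.
// What confines the request is the exact, strict match further down against the
// names that actually exist directly under SQLMAP_OUTPUT_PATH.
if (isset($_GET['target']) && !preg_match("#\\.\\./|\\.\\.%2f|\\.\\.%25%5c|\\.\\.%5c|\\.\\.%bg%qf|\\.\\.%u2215|\\.\\.%c0%9v|\\.\\.%u2216|%2e%2e/#i", $_GET['target'])) {
    // Check SQLMAP output dir for matching directory
    // If exists, zip directory contents and everything inside
    // Provide zip archive file as download attachment to user
    $dir_contents = glob(preg_replace("#/\$#", "", SQLMAP_OUTPUT_PATH) . "/**");
    if ($dir_contents === false) {
        // glob() returns false on error; treat that as "no result directories".
        $dir_contents = array();
    }
    $dir_contents = array_diff($dir_contents, array('.', '..'));

    // Reduce every entry to its last path component. A basename cannot contain
    // a directory separator, so a target that equals one cannot leave the
    // output directory.
    $hdc = array();
    foreach ($dir_contents as $dir) {
        $hdc[] = basename($dir);
    }

    // Strict comparison: with loose comparison, numeric-looking strings such as
    // "1e3" and "1000" compare equal, and a non-string target is compared by
    // type-juggling rules.
    if (in_array($_GET['target'], $hdc, true)) {
        // This doesn't work for unique filenames?, need to find better way (maybe pass in task/scanID)...
        // NOTE(review): uniqid() is derived from the current time and is not
        // unpredictable. Whether TMP_PATH is reachable over HTTP is not visible
        // here; if it is, give the archive a random name - confirm.
        $dl_file = TMP_PATH . uniqid('sqlmap_') . '_scan_results.zip';
        if (zipIt(SQLMAP_OUTPUT_PATH . $_GET['target'], $dl_file, true)) {
            // Include custom scan log from web panel since API usage wipes the normal log file....
            if (file_exists(TMP_PATH . $_GET['target'] . "/api_scan.log")) {
                $zip = new ZipArchive();
                if ($zip->open($dl_file) === TRUE) {
                    $zip->addFile(TMP_PATH . $_GET['target'] . "/api_scan.log", $_GET['target'] . '/api_scan.log');
                    $zip->close();
                }
            }
            header("Content-Type: application/octet-stream");
            header("Content-Transfer-Encoding: Binary");
            header("Content-disposition: attachment; filename=\"sqlmap_scan_results.zip\"");
            // readfile() writes the file to the output itself and returns the
            // number of bytes sent. Echoing that return value appended the byte
            // count to the end of the downloaded archive.
            readfile($dl_file);
        }
        // Best-effort cleanup of the temporary archive, whether or not it was sent.
        @unlink($dl_file);
    } else {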
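// Backup trigger: when the "make" form field is set, zip the current user's
// data directory. !empty() keeps the original truthiness test but raises no
// undefined-index notice when the field is absent from the request.
if (!empty($_POST['make'])) {
    $_jahr = date("Y", time());
    $_monat = date("n", time());
    $_tag = date("j", time());
    $_stunde = date("H", time());
    $_minute = date("i", time());
    $_sekunde = date("s", time());
    $_name = $_jahr . "." . $_monat . "." . $_tag . "." . $_stunde . "." . $_minute . "." . $_sekunde;
    // NOTE(review): the time-stamped name above is overwritten just below, so
    // the archive is named by date only. zipIt() deletes an existing
    // destination, so a second backup on the same day replaces the first.
    // Confirm this is intended.
    $_jahr = date("Y", time());
    $_monat = date("n", time());
    $_tag = date("j", time());
    $_name = $_jahr . "." . $_monat . "." . $_tag;
    // NOTE(review): $_pfad is set outside this excerpt. If that directory is
    // served over HTTP, a date-only archive name is guessable - confirm.
    $_zippfad = $_pfad;
    $zipname = $_zippfad . $_name . ".zip";
    $_ordner = "./Data/" . $_user->_ordnerpfad . "/";
    zipIt($_ordner, $zipname);
}

/**
 * Create a zip archive of $source at $destination.
 *
 * Only the opening part of the body is visible in this excerpt; the code that
 * fills the archive and the success return lie beyond it.
 *
 * @param string $source                Path to archive; must exist.
 * @param string $destination           Archive path; an existing file there is deleted first.
 * @param bool   $include_dir           Not used in the visible part of the body.
 * @param array  $additionalIgnoreFiles Names merged with '.' and '..' into the ignore list.
 * @return bool False when the zip extension is missing, $source does not exist,
 *              or the archive cannot be opened.
 */
function zipIt($source, $destination, $include_dir = false, $additionalIgnoreFiles = array())
{
    $defaultIgnoreFiles = array('.', '..');
    $ignoreFiles = array_merge($defaultIgnoreFiles, $additionalIgnoreFiles);
    if (!extension_loaded('zip') || !file_exists($source)) {
        return false;
    }
    if (file_exists($destination)) {
        unlink($destination);
    }
    $zip = new ZipArchive();
    // ZipArchive::open() returns true on success and a non-zero ER_* integer on
    // failure. That integer is truthy, so the former `!$zip->open(...)` test
    // never detected a failed open. Compare against true explicitly.
    if ($zip->open($destination, ZIPARCHIVE::CREATE) !== true) {
        return false;
    }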