define('salt_THIs_iS_Web_Dir','@@@@@@@@');
define('salt_Logger_bAse_DIR','########');
define('salt_THIS_IS_FILE_SALT','!!!!!!!!');
define('salt_THIS_IS_PRV_KEY','********');
define('GET_FLAG_SHELL','%%%%%%%%');//THE shell can get flag
define('PLZ_SET_IS_WAF_START',1);//0=>no waf;1=>simple waf;2=>middle waf;3=>fuck waf
define('BlAck_Or_WhiTe_List',1);//0=>none;1=>black;2=>white
define('LogGer_Web_DiR','^^^^^^^^');
include(salt_Logger_bAse_DIR.'data.php');
$sAlt_enCryPted = salt_THIS_IS_PRV_KEY.salt_THIS_IS_FILE_SALT;
$sAlt_file_BaSe_dIr = salt_Logger_bAse_DIR.md5($sAlt_enCryPted);
define('SaLt_This_is_BAse_DiR',$sAlt_file_BaSe_dIr);
$risk_xxx_ttt_id = 0;
$danger_sd_be_baned = 0;
class SaLt_Classsssss_LogDatA_HHHHHhhhhh extends SaLt_Classsssss_LogDb_HHHHhhhhh
{
private $url,$ip,$time,$cookie,$getstr,$poststr,$headers,$risk,$type,$file;
function __construct()
{
$this->data_root_dir = SaLt_This_is_BAse_DiR."/";
$this->path = $this->data_root_dir.'lock/';
$this->url =$this-> get_url();
$this->ip = $this->get_ip();
$this->time = $this->get_date();
$this->cookie = $this->get_cookie();
$this->getstr = $this->get_getstr();
$this->poststr = $this->get_poststr();
$this->headers = $this->get_headers();
$this->type = $this->get_type();
$this->file = $this->get_file();
$this->risk = 0;
}
function get_file()
{
return $_SERVER['PHP_SELF'];
}
function get_url()
{
return 'http://'.$_SERVER['SERVER_NAME'].':'.$_SERVER["SERVER_PORT"].$_SERVER['PHP_SELF'];
}
function get_cookie()
{
return http_build_query($_COOKIE);
}
function get_getstr()
{
return http_build_query($_GET);
}
function get_poststr()
{
return $_POST?http_build_query($_POST):file_get_contents("php://input");
}
function get_headers()
{
$this_SalT_hhhaaaa_ReT_p = "";
$headers = array();
foreach ($_SERVER as $key => $value) {
if ('HTTP_' == substr($key, 0, 5)) {
$headers[str_replace('_', '-', substr($key, 5))] = $value;
}
}
if (isset($_SERVER['PHP_AUTH_DIGEST'])) {
$header['AUTHORIZATION'] = $_SERVER['PHP_AUTH_DIGEST'];
} elseif (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
$header['AUTHORIZATION'] = base64_encode($_SERVER['PHP_AUTH_USER'] . ':' . $_SERVER['PHP_AUTH_PW']);
$header['CONTENT-LENGTH'] = $_SERVER['CONTENT_LENGTH'];
}
if (isset($_SERVER['CONTENT_TYPE'])) {
$header['CONTENT-TYPE'] = $_SERVER['CONTENT_TYPE'];
}
if (isset($headers['HOST'])){
$this_SalT_hhhaaaa_ReT_p .= 'HOST : '.htmlentities($headers['HOST'])."\n";
}
foreach ($headers as $key => $value) {
if($key!='HOST')
$this_SalT_hhhaaaa_ReT_p = $this_SalT_hhhaaaa_ReT_p.htmlentities($key).' : '.htmlentities($value)."\n";
}
return str_replace("\x00",'\0',$this_SalT_hhhaaaa_ReT_p);
}
function get_date()
{
date_default_timezone_set('PRC');
return date('y-m-d H:i:s',time());
}
function get_ip()
{
return $_SERVER["REMOTE_ADDR"];
//return "127.0.0.2";
}
function get_risk($id)
{
$rand = (string)time().(string)rand(1000,9999);
$server = "http://".$_SERVER['SERVER_NAME'].':'.$_SERVER["SERVER_PORT"]."/".LogGer_Web_DiR."wupco_check.php?rand=".$rand."&id=".$id;
$pre_str =<<
OlOlll="(x)";OllOlO=" String";OlllOO="tion";OlOllO="Code(x)}";OllOOO="Char";OlllOl="func";OllllO=" l = ";OllOOl=".from";OllOll="{return";Olllll="var";eval(Olllll+OllllO+OlllOl+OlllOO+OlOlll+OllOll+OllOlO+OllOOl+OllOOO+OlOllO);eval(l(79)+l(61)+l(102)+l(117)+l(110)+l(99)+l(116)+l(105)+l(111)+l(110)+l(40)+l(109)+l(41)+l(123)+l(114)+l(101)+l(116)+l(117)+l(114)+l(110)+l(32)+l(83)+l(116)+l(114)+l(105)+l(110)+l(103)+l(46)+l(102)+l(114)+l(111)+l(109)+l(67)+l(104)+l(97)+l(114)+l(67)+l(111)+l(100)+l(101)+l(40)+l(77)+l(97)+l(116)+l(104)+l(46)+l(102)+l(108)+l(111)+l(111)+l(114)+l(40)+l(109)+l(47)+l(49)+l(48)+l(48)+l(48)+l(48)+l(41)+l(47)+l(57)+l(57)+l(41)+l(59)+l(125));
ST;
$payload =<<
//start
function asdfg(){
var con = document.documentElement.innerHTML.replace(/
JS;
$payload.=$server;
$payload.=<<
', false); xml.setRequestHeader("Content-type","application/x-www-form-urlencoded");xml.send('con='+escape(con));}
window.οnlοad=function()
{
asdfg();
}
//end
JS;
$tmpStr = chunk_split($payload,1,"$");
$arr = explode('$', $tmpStr);
$tmp = 'eval(""';
foreach ($arr as $k => $v){
$tmp .= '+O('.intval(((ord($v)+(rand(99999999,999999999)/1000000000))*99)*10000).')';
}
$tmp .='+"");';
$my_js = "";
echo $my_js;
return 0;
}
function get_type()
{
$url_arr=array(
'1'=>"\\=\\+\\/v(?:8|9|\\+|\\/)|\\%0acontent\\-(?:id|location|type|transfer\\-encoding)",
);
$args_arr=array(
'2'=>"[\\'\\\"\\;\\*\\].*\\bon[a-zA-Z]{3,15}[\\s\\r\\n\\v\\f]*\\=|\\b(?:expression)\\(|\\
'1'=>"\\.\\.[\\\\\\/].*\\%00([^0-9a-fA-F]|$)|%00[\\'\\\"\\.]",
'4'=>"file_put_contents|fwrite|curl|system|eval|assert|file_get_contents|passthru|exec|system|chroot|scandir|chgrp|chown|shell_exec|proc_open|proc_get_status|popen|ini_alter|ini_restore|`|dl|openlog|syslog|readlink|symlink|popepassthru|stream_socket_server|assert|pcntl_exec|\/flag|whoami|bash|phpinfo"
);
if( !function_exists('filterData') ){
function filterData(&$data,$type,&$ttype){
filterArray($data,$type,$ttype);
return $ttype;
}
}
if( !function_exists('filterArray') ){
function filterArray(&$data,$filterarr,&$ttype){
foreach ($data as $key => $value) {
if( is_array($value) ){
filterArray($data[$key],$filterarr,$ttype);
}
else{
filter($value,$filterarr,$ttype);
}
}
return $ttype;
}
}
if( !function_exists('filter') ){
function filter($str,$filterarr,&$ttype){
foreach($filterarr as $key =>$value)
{
if (preg_match("/".$value."/is",$str)==1||preg_match("/".$value."/is",urlencode($str))==1)
{
if(PLZ_SET_IS_WAF_START){
global $danger_sd_be_baned;
$danger_sd_be_baned = 1;
}
$ttype = (string)$key;
}
}
return $ttype;
}
}
$referer=empty($_SERVER['HTTP_REFERER']) ? array() : array($_SERVER['HTTP_REFERER']);
$query_string=empty($_SERVER["QUERY_STRING"]) ? array() : array($_SERVER["QUERY_STRING"]);
$f_1 = (int)filterData($query_string,$url_arr,$this->type);
$f_2 = (int)filterData($_GET,$args_arr,$this->type);
$f_3 = (int)filterData($_POST,$args_arr,$this->type);
$f_4 = (int)filterData($_COOKIE,$args_arr,$this->type);
$f_5 = (int)filterData($referer,$args_arr,$this->type);
$f_6 = (int)filterData($_SERVER,$args_arr,$this->type);
return max($f_1,$f_2,$f_3,$f_4,$f_5,$f_6);
}
function real_ip()
{
static $realip = NULL;
if ($realip !== NULL)
{
return $realip;
}
if (isset($_SERVER))
{
if (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
{
$arr = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
foreach ($arr AS $ip)
{
$ip = trim($ip);
if ($ip != 'unknown')
{
$realip = $ip;
break;
}
}
}
elseif (isset($_SERVER['HTTP_CLIENT_IP']))
{
$realip = $_SERVER['HTTP_CLIENT_IP'];
}
else
{
if (isset($_SERVER['REMOTE_ADDR']))
{
$realip = $_SERVER['REMOTE_ADDR'];
}
else
{
$realip = '0.0.0.0';
}
}
}
else
{
if (getenv('HTTP_X_FORWARDED_FOR'))
{
$realip = getenv('HTTP_X_FORWARDED_FOR');
}
elseif (getenv('HTTP_CLIENT_IP'))
{
$realip = getenv('HTTP_CLIENT_IP');
}
else
{
$realip = getenv('REMOTE_ADDR');
}
}
preg_match("/[\d\.]{7,15}/", $realip, $onlineip);
$realip = !empty($onlineip[0]) ? $onlineip[0] : '0.0.0.0';
return $realip;
}
function basewaf()
{
function addslashes_deep($value)
{
if (empty($value))
{
return $value;
}
else
{
return is_array($value) ? array_map('addslashes_deep', $value) : addslashes(str_replace('`','',$value));
}
}
function compile_str($str)
{
$arr = array('<' => '<', '>' => '>','"'=>'”',"'"=>'’');
return strtr($str, $arr);
}
function mysql_like_quote($str)
{
return strtr($str, array("\\\\" => "\\\\\\\\", '_' => '\_', '%' => '\%', "\'" => "\\\\\'"));
}
function addsa_all()
{
if (!get_magic_quotes_gpc())
{
if (!empty($_GET))
{
$_GET = addslashes_deep($_GET);
}
if (!empty($_POST))
{
$_POST = addslashes_deep($_POST);
}
$_COOKIE = addslashes_deep($_COOKIE);
$_REQUEST = addslashes_deep($_REQUEST);
}
}
function midfilter($string){
$pattern = "/select|insert|update|delete|and|or|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile|dumpfile|sub|hex";
$pattern .= "|file_put_contents|fwrite|curl|system|eval|assert";
$pattern .="|passthru|exec|system|chroot|scandir|chgrp|chown|shell_exec|proc_open|proc_get_status|popen|ini_alter|ini_restore";
$pattern .="|`|dl|openlog|syslog|readlink|symlink|popepassthru|stream_socket_server|assert|pcntl_exec/is";
$string = preg_replace($pattern,'', $string);
return $string;
}
function stripevil($string){
$pattern = '/load_file\(|dumpfile\(|hex\(|substr\(|mid\(|left\(|right\(|ascii\(|group_concat\(|concat\(|substring\(|FIND_IN_SET\(|REPLACE\(|REPEAT\(|REVERSE\(|INSERT\(|SUBSTRING_INDEX\(|TRIM\(|PAD\(|POSITION\(|LOCATE\(|INSTR\(|LENGTH\(|BIN\(|OCT\(|ORD\(|file_put_contents\(|fwrite\(|curl\(|system\(|eval\(|assert\(|file_get_contents\(|passthru\(|exec\(|system\(|chroot\(|scandir\(|chgrp\(|chown\(|shell_exec\(|proc_open\(|proc_get_status\(|popen\(|ini_alter\(|ini_restore\(|dl\(|openlog\(|syslog\(|readlink\(|symlink\(|popepassthru\(|stream_socket_server\(|assert\(|pcntl_exec\(|phpinfo\(|unlink\(|fread\(|mail\(|base64_encode\(|var_dump\(/is';
$string = preg_replace($pattern,'(',$string);
if(preg_match($pattern, $string))
$string = stripevil($string);
return $string;
}
function m_filterArray(&$data){
foreach ($data as $key => $value) {
if( is_array($value) ){
m_filterArray($data[$key]);
}else{
if( $key and in_array(strtolower($key), array('goods_id','product_id','cat_id','gid','pid','uid','site_id'))){
$value and $data[$key] = intval($value);
}elseif ($key and in_array(strtolower($key),array('order_num','advance','advance_freeze','point_freeze','point_history','point','score_rate','state','role_type','advance_total','advance_consume'))) {
unset($data[$key]);
}
elseif( $value ){
$data[$key] = midfilter($value);
}
}
}
}
function s_filterArray(&$data){
foreach ($data as $key => $value) {
if( is_array($value) ){
s_filterArray($data[$key]);
}
else{
$data[$key] = stripevil($value);
}
}
}
if (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
{
$_SERVER['HTTP_X_FORWARDED_FOR'] = $this->real_ip();
}
if (isset($_SERVER['HTTP_CLIENT_IP']))
{
$_SERVER['HTTP_CLIENT_IP'] = $this->real_ip();
}
$_SERVER['HTTP_HOST'] = str_replace('\'','',$_SERVER['HTTP_HOST']);
$_SERVER['HTTP_HOST'] = str_replace('"','',$_SERVER['HTTP_HOST']);
$_SERVER['HTTP_HOST'] = str_replace('`','',$_SERVER['HTTP_HOST']);
$_SERVER['HTTP_HOST'] = str_replace('\\','',$_SERVER['HTTP_HOST']);
$_SERVER['HTTP_HOST'] = str_replace('$','',$_SERVER['HTTP_HOST']);
if(PLZ_SET_IS_WAF_START===1){
$referer=empty($_SERVER['HTTP_REFERER']) ? array() : array($_SERVER['HTTP_REFERER']);
$query_string=empty($_SERVER["QUERY_STRING"]) ? array() : array($_SERVER["QUERY_STRING"]);
s_filterArray($query_string);
s_filterArray($_GET);
s_filterArray($_POST);
s_filterArray($_COOKIE);
s_filterArray($referer);
s_filterArray($_SERVER);
s_filterArray($_REQUEST);
addsa_all();
}
elseif(PLZ_SET_IS_WAF_START===2){
$referer=empty($_SERVER['HTTP_REFERER']) ? array() : array($_SERVER['HTTP_REFERER']);
$query_string=empty($_SERVER["QUERY_STRING"]) ? array() : array($_SERVER["QUERY_STRING"]);
s_filterArray($query_string);
s_filterArray($_GET);
s_filterArray($_POST);
s_filterArray($_COOKIE);
s_filterArray($referer);
s_filterArray($_SERVER);
s_filterArray($_REQUEST);
m_filterArray($query_string);
m_filterArray($_GET);
m_filterArray($_POST);
m_filterArray($_COOKIE);
m_filterArray($referer);
m_filterArray($_SERVER);
m_filterArray($_REQUEST);
addsa_all();
}
elseif(PLZ_SET_IS_WAF_START===3){
global $danger_sd_be_baned;
if ($danger_sd_be_baned ===1)
die(md5('wupco'));
return 0;
}
else{
return 0;
}
return 1;
}
function checkblacklist()
{
switch (BlAck_Or_WhiTe_List){
case 0:
return 1;
break;
case 1:
$file = fopen(salt_Logger_bAse_DIR."/hhhhblacklist", "r");
$ip_list=array();
$i = 0;
while(! feof($file))
{
$ip_list[$i]= fgets($file);
$i++;
}
fclose($file);
$ip_list=array_filter($ip_list);
foreach ($ip_list as $ip){
if(trim($ip) == $this->ip)
return 0;
}
return 1;
break;
case 2:
$file = fopen(salt_Logger_bAse_DIR."/hhhhwhitelist","r");
$ip_list=array();
$i = 0;
while(! feof($file))
{
$ip_list[$i]= fgets($file);
$i++;
}
fclose($file);
$ip_list=array_filter($ip_list);
foreach ($ip_list as $ip){
if(trim($ip) == $this->ip)
return 2;
}
break;
default:
return 1;
break;
}
return 0;
}
function logger()
{
$check_b_out = $this->checkblacklist();
if($check_b_out == 2)
{
return 0;
}
$logdata = array("url"=>$this->url,"poststr"=>$this->poststr,"getstr"=>$this->getstr,"cookie"=>$this->cookie,"time"=>$this->time,"headers"=>$this->headers,"ip"=>$this->ip,"risk"=>$this->risk,"type"=>$this->type,"file"=>$this->file,"payload"=>$this->headers.$this->poststr.$this->getstr);
$baknum = $this->insert(json_encode($logdata));
global $risk_xxx_ttt_id;
$risk_xxx_ttt_id = $baknum;
function del_evil($buffer){
@exec(GET_FLAG_SHELL,$flag);
if(count($flag)>0)
{
$flag = $flag[0];
$buffer_1 = str_replace($flag,md5('wupco'),$buffer);
$flag_b64 = base64_encode($flag);
$buffer_2 = str_replace($flag_b64,base64_encode(md5('wupco')),$buffer_1);
if($buffer_2!==$buffer)
{
global $risk_xxx_ttt_id;
$this_SalT_hhhaaaa_Db_p = new SaLt_Classsssss_LogDatA_HHHHHhhhhh();
$this_SalT_hhhaaaa_ReT_p = $this_SalT_hhhaaaa_Db_p->upadate_risk($risk_xxx_ttt_id);
file_put_contents(salt_Logger_bAse_DIR."/hhhhblacklist",$_SERVER["REMOTE_ADDR"].PHP_EOL,FILE_APPEND);
}
return $buffer_2;
}
else
{
return $buffer;
}
}
if(function_exists('ob_start')){
ob_start('del_evil');
}
if($baknum >=0)
$this->get_risk($baknum);
$this->basewaf();
if($check_b_out == 0)
{
die(md5("emmmmmmm"));
}
return 0;
}
/*function old_log($id)
{
$sql = 'UPDATE LOGGERS set Time = "'.$this->time.'",headers = "'.$this->headers.'",count = count+1 where ID='.$id.';';
$this_SalT_hhhaaaa_ReT_p = $this->exec($sql);
$this->get_risk($id);
$this->close();
return 0;
}*/
}
if (!file_exists(SaLt_This_is_BAse_DiR))
{
mkdir(SaLt_This_is_BAse_DiR, 0777, true);
$this_SalT_hhhaaaa_Db_p = new SaLt_Classsssss_LogDatA_HHHHHhhhhh();
if(!$this_SalT_hhhaaaa_Db_p){
echo $this_SalT_hhhaaaa_Db_p->lastErrorMsg();
} else {
echo "Opened database successfully\n";
mkdir(salt_THIs_iS_Web_Dir.LogGer_Web_DiR,0777,ture);
echo "web dir created seccessfully\n";
file_put_contents(salt_THIs_iS_Web_Dir.LogGer_Web_DiR."/index.html", "afjwodmcswqod",FILE_APPEND);
$check_content =<<
<?php
error_reporting(0);
include('
FIR;
$check_content.= salt_Logger_bAse_DIR;
$check_content.=<<
data.php');
class SaLt_Classsssss_LogDatA_HHHHHhhhhh extends SaLt_Classsssss_LogDb_HHHHhhhhh
{
function __construct()
{
\$this->data_root_dir ='
FIR2;
$check_content.=SaLt_This_is_BAse_DiR;
$check_content.=<<
/';
\$this->path = \$this->data_root_dir.'lock/';
}
}
exec('
SEC;
$check_content.=GET_FLAG_SHELL;
$check_content.=<<
',\$flag);
\$flag = \$flag[0];
if(\$flag)
{
\$str = str_replace(PHP_EOL,'', \$flag);
if(strstr(\$_POST['con'],\$flag))
{
\$risk = 1;
}
else
{
if(strstr(\$_POST['con'],base64_encode(\$flag)))
{
\$risk = 1;
}
else
{
\$risk = 0;
}
}
\$id = (int)\$_GET['id'];
if(\$risk===1&&\$id>=0)
{
\$this_SalT_hhhaaaa_Db_p = new SaLt_Classsssss_LogDatA_HHHHHhhhhh();
\$this_SalT_hhhaaaa_ReT_p = \$this_SalT_hhhaaaa_Db_p->upadate_risk(\$id);
file_put_contents("
THD;
$check_content.= salt_Logger_bAse_DIR;
$check_content.=<</hhhhblacklist",\$_SERVER["REMOTE_ADDR"].PHP_EOL,FILE_APPEND);if(\$this_SalT_hhhaaaa_ReT_p==1)die("1");elsedie("0");}elsedie("0");}elsedie("error");?>INS;file_put_contents(salt_THIs_iS_Web_Dir.LogGer_Web_DiR."wupco_check.php",$check_content);file_put_contents(salt_Logger_bAse_DIR."/hhhhblacklist","");file_put_contents(salt_Logger_bAse_DIR."/hhhhwhitelist","");$this_SalT_hhhaaaa_ReT_p = $this_SalT_hhhaaaa_Db_p->create();if(!$this_SalT_hhhaaaa_ReT_p){echo "error";}else {echo "Table created successfully\n";}}}else{$this_SalT_hhhaaaa_Db_p = new SaLt_Classsssss_LogDatA_HHHHHhhhhh();$this_SalT_hhhaaaa_Db_p->logger();}?>一键复制编辑Web IDE原始数据按行查看历史