满足大部分时间项目开发要求

<?php
// nginx nginx.conf server_tokens off; 
// apache php.ini expose_php = Off
/*
if (isset($_SERVER['HTTP_CLIENT_IP'])
    || isset($_SERVER['HTTP_X_FORWARDED_FOR'])
    || !in_array(@$_SERVER['REMOTE_ADDR'], array(
        '127.0.0.1',
        '::1',
    ))
) {
    header('HTTP/1.0 403 Forbidden');
    exit(
        'You are not allowed to access this file.'
    );
}
*/

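// Magic quotes were removed in PHP 5.4 and set_magic_quotes_runtime() itself in 7.0,
// where calling it is a fatal error; only run it on the versions that still have it.
if (PHP_VERSION_ID < 50400) {
    set_magic_quotes_runtime(0);
}
date_default_timezone_set("PRC");
// ini_set('session.hash_bits_per_character', 6);
// $session_id = rand(0, 999999);
ini_set('session.cookie_httponly', '1');                                   /* session cookie is not readable from document.cookie */
ini_set('session.use_trans_sid', '0');                                      /* never propagate the session id in URLs/forms */
ini_set('session.use_only_cookies', '1');                                   /* accept the session id from the cookie only, not from GET/POST */
ini_set('session.use_strict_mode', '1');                                    /* reject ids the server did not issue (anti-fixation); PHP >= 5.5.2, ignored before */
// NOTE(review): session.cookie_secure is not set here because the page does not show
// whether it is served over HTTPS — set it to '1' when it is.
session_name('security_private_id');
// session_id($session_id);
session_start();

// error_reporting(0);
header('Content-type:text/html; charset=UTF-8');
// header('X-XSS-Protection: 1; mode=block');
// header('X-Powered-By: TEST;');
$http_headers = headers_list();
// var_dump($http_headers);exit;
// Drop the PHP version banner; the nginx/apache settings in the header comment cover the rest.
header_remove('X-Powered-By');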
/*
foreach ($http_headers as $header) {
    if (preg_match('/X-Powered-By/', $header)) {
        header('X-Powered-By:ADTUU');
        break;
    }
}
*/

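/**
 * Recursively strip the backslashes that magic_quotes_gpc added, in place.
 *
 * The original looped with `foreach ($var as $key => $value)` and recursed on
 * `$value`, which is a copy, so elements of an array were never actually
 * modified. Recursing on `$var[$key]` keeps the by-reference chain intact.
 *
 * @param mixed $var string or (nested) array, modified in place; any other
 *                   scalar (int, null, ...) is left untouched
 * @return mixed the stripped value, for convenience
 */
function _stripslashes(&$var) {
	if (is_array($var)) {
		foreach (array_keys($var) as $key) {
			// recurse on the element itself, not on a copy of it
			_stripslashes($var[$key]);
		}
	} elseif (is_string($var)) {
		$var = stripslashes($var);
	}

	return $var;
}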

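/**
 * Escape a value for the HTML body / attribute context.
 *
 * ENT_SUBSTITUTE is added so that a value containing a byte sequence that is
 * invalid for $encoding comes back with U+FFFD in place of the bad bytes;
 * without it htmlspecialchars() returns the empty string and the whole value
 * silently disappears from the page.
 *
 * @param mixed  $data     value to escape; cast to string
 * @param string $encoding character set $data is encoded in
 * @return string
 */
function _escape_string($data, $encoding = 'UTF-8') {
   return htmlspecialchars((string) $data, ENT_QUOTES | ENT_HTML401 | ENT_SUBSTITUTE, $encoding);
}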

// var_dump(getmagic_quotes_gpc());

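// magic_quotes_gpc was removed in PHP 5.4, and get_magic_quotes_gpc() itself is gone
// in PHP 8.0 (deprecated in 7.4), so only consult it on versions where it can be on.
if (PHP_VERSION_ID < 50400 && get_magic_quotes_gpc()) {
	_stripslashes($_GET);
	_stripslashes($_POST);
}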

/**
 * Fetch a POST parameter, or null when it was not submitted.
 *
 * The value goes through _escape_string() (HTML escaping) and then
 * addslashes(); both escapings are applied at input time, so the returned
 * string is not the raw text the user typed. Array parameters (`name[]`)
 * are not handled.
 *
 * @param string $param key in $_POST
 * @return string|null
 */
function input_post($param)
{
	if (!isset($_POST[$param])) {
		return null;
	}

	$escaped = _escape_string($_POST[$param]);

	return addslashes($escaped);
}

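$connect = mysqli_connect('localhost', 'root', '', 'security');
if (!$connect) {
	// mysqli_connect() returns false on failure; every line below would otherwise
	// call a method on false. Keep the driver message off the page.
	error_log('mysqli_connect failed: ' . mysqli_connect_error());
	exit('Database connection failed.');
}
// set_charset() informs the client library as well as the server, unlike a bare
// `SET NAMES`, so any driver-side escaping uses the right charset. 'utf8' is kept
// from the original; 4-byte characters (emoji) need utf8mb4 on both sides.
$connect->set_charset('utf8');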

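if ($_POST) {
	// The original compared the tokens with `==` and read both indexes unguarded.
	// hash_equals() is a strict, constant-time comparison; it needs two strings,
	// which also rules out a missing token or a `csrf_token[]` array.
	$session_token = isset($_SESSION['csrf_token']) ? $_SESSION['csrf_token'] : null;
	$posted_token = isset($_POST['csrf_token']) ? $_POST['csrf_token'] : null;
	$token_ok = is_string($session_token) && is_string($posted_token)
		&& hash_equals($session_token, $posted_token);

	if ($token_ok && !empty($_POST['comment']) && is_string($_POST['comment'])) {
		$param = $_POST['comment'];
		$query = $connect->prepare('insert into sql_in values(0, ?)');
		if ($query === false) {
			// prepare() returns false on failure; bind_param() on false would be fatal
			$insert_error_message = 'Could not save the comment.';
		} else {
			$query->bind_param('s', $param);
			$query->execute();
			echo $query->insert_id , "<br /> \n";
			$query->close();
		}
	} else {
		$insert_error_message = 'Invalid csrf token or comment value is null!';
	}
}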

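$limit = 5;
$query = $connect->prepare('select * from sql_in order by id desc limit ?');
if ($query === false) {
	// prepare() returns false on failure; stop here instead of calling bind_param() on false
	exit('Could not load comments.');
}
$query->bind_param('i', $limit);

$query->execute();
$query->bind_result($id, $text);

while ($query->fetch()) {
    // printf("%s %s\n", $id, $text);
    // $text is user-submitted content read back from the database: escape it for the
    // HTML context on output. Echoing it raw was a stored-XSS sink.
    echo "id: {$id} - text: " . _escape_string($text) . " <br /> \n";
}

$query->close();

// Only print the driver error when there is one, instead of an unconditional "Error: ".
$db_error = mysqli_error($connect);
if ($db_error !== '') {
    printf("Error: %s\n", _escape_string($db_error));
}
$connect->close();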

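// A CSRF token has to be unguessable. uniqid() and time() are both clock-derived, so
// md5(uniqid() . time()) is predictable; prefer the CSPRNG, falling back by PHP version.
if (function_exists('random_bytes')) {
	$csrf_token = bin2hex(random_bytes(16));                       // PHP >= 7.0
} elseif (function_exists('openssl_random_pseudo_bytes')) {
	$csrf_token = bin2hex(openssl_random_pseudo_bytes(16));        // PHP 5 with ext/openssl
} else {
	$csrf_token = md5(uniqid(mt_rand(), true));                    // last resort, still not a CSPRNG
}
$_SESSION['csrf_token'] = $csrf_token;

// The message is a literal set in this file; escaping it is cheap insurance should it
// ever carry user data.
$insert_error_message = isset($insert_error_message)
	? '<span style="color:red">' . _escape_string($insert_error_message) . '</span>' : '';

echo '
	<br /><br /><br />
	<form action="" method="post">
		Comment: '. $insert_error_message .' <br />
		<textarea name="comment" rows="3" cols="20"></textarea> <br />
		<input type="hidden" name="csrf_token" value="' . _escape_string($csrf_token) . '" />
		<input type="submit" value="Send" />
	</form>
';
session_write_close();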
/*
$url = "http://localhost/xss.php?var=http://domain/some_image.gif' onload=alert(/xss/)";
echo "<img src='$url'>";

// echo '<a href="j&#x41;vascript:alert%252831337%2529">Hello</a>';
echo '<a href="javascript:alert(\'test\')">alert</a>';
*/

/*
$connect = mysqli_connect('localhost', 'root', '123456', 'zblog');
mysqli_query($connect, 'set names utf8');
$sql = "insert into t_at values(0, '" . addslashes($param) . "')";
mysqli_query($connect, $sql);
printf("Error: %s\n", mysqli_error($connect));
*/

/* JAVASCRIPT
function is_xss($xss) {
  if (preg_match('/[&<>"\']/', $xss)) {
    return true;
  } else {
    return false;
  }
}
*/

  
