Post a link to your PHP source and I'll find vulnerabilities for free
3 likes
You only posted a single PHP page? There's obviously nothing in this echo. Send over a zip archive.
Sending the source over would be more convenient.
1 like
It's written in Go by me, not easy to share.
Then you can use my tool to check it yourself. Is it PHP source?
You can analyze it yourself: just check whether your parameters have any filtering. If you don't know how, send me a screenshot and I'll help you analyze it.
Vulnerability hotspot scan
<!DOCTYPE html>
<html lang="zh">
<head>
    <meta charset="UTF-8">
    <title>漏洞扫描报告</title>
    <style>
        body { font-family: Arial, sans-serif; background-color: #f5f5f5; margin: 0; padding: 0; }
        .container { max-width: 800px; margin: 0 auto; padding: 20px; background-color: #fff; border-radius: 5px; box-shadow: 0 0 10px rgba(0, 0, 0, 0.1); }
        h1 { text-align: center; color: #333; }
        .collapsible { cursor: pointer; padding: 10px; width: 100%; border: none; text-align: left; outline: none; font-size: 15px; margin-top: 5px; background-color: #e7e7e7; }
        .active, .collapsible:hover { background-color: #cccccc; }
        .content { display: none; overflow: hidden; background-color: #f9f9f9; padding: 15px; }
        table { width: 100%; border-collapse: collapse; }
        th, td { padding: 8px; text-align: left; border-bottom: 1px solid #ddd; }
        th { background-color: #f2f2f2; }
        tr:nth-child(even) { background-color: #f2f2f2; }
        .scrollable { overflow-x: auto; } /* enable a horizontal scrollbar */
        /* extra CSS to support vertical scrolling */
        .scrollable-text {
            max-height: 100px; /* maximum height, adjust as needed */
            overflow-y: auto; /* enable a vertical scrollbar */
            white-space: pre-wrap; /* preserve text formatting such as spaces and line breaks */
        }
    </style>
</head>
<body>
<div class="container">
    <h1>安全扫描报告</h1>
<?php
$baseDir = __DIR__; // directory of the current script; every .php file below it is scanned
$issuesCategories = [];
$directory = new RecursiveDirectoryIterator($baseDir, RecursiveDirectoryIterator::SKIP_DOTS);
$files = new RecursiveIteratorIterator($directory, RecursiveIteratorIterator::LEAVES_ONLY);
// Line-based regex signatures: a hit marks a place worth reviewing, not a confirmed vulnerability
$patterns = [
    '/\b(SELECT|INSERT|UPDATE|DELETE|CREATE|ALTER|REPLACE|TRUNCATE|DROP)\b/i' => 'SQL注入',
    '/(move_uploaded_file|copy|file_put_contents)\s*\(/i' => '文件上传',
    '/(system|exec|shell_exec|passthru|eval|assert|preg_replace|base64_decode|pcntl_exec|proc_open|popen)\s*\(/i' => '命令执行',
    '/unserialize\s*\(/i' => '反序列化漏洞',
    '/php:\/\/(input|filter|memory|temp)/i' => '伪协议漏洞',
    '/(intval|floatval|doubleval|strval|boolval)\s*\(/i' => '类型转换缺陷',
    '/(gzinflate|gzuncompress|str_rot13|strrev|base64_encode|base64_decode)\s*\(/i' => '编码/解码函数使用',
    '/(ob_start|ob_flush|ob_clean|ob_end_clean|ob_end_flush)\s*\(/i' => '输出控制函数使用',
    '/(array_map|array_filter|array_reduce|array_walk)\s*\(/i' => '数组操作函数使用',
    '/(create_function|eval)\s*\(/i' => '动态代码执行',
    '/\$_(GET|POST)\[[^\]]+\]/' => 'GET/POST参数',
    '/\b(fopen|readfile|file_get_contents|file)\s*\(/i' => '文件读取漏洞',
];
$variableTracePattern = '/\$(\w+)/'; // defined but not used by this script
foreach ($files as $file) {
    if ($file->getExtension() == "php") {
        $absoluteFilename = $file->getRealPath();
        if ($absoluteFilename === __FILE__) {
            continue; // skip the scanner itself, otherwise its own pattern list is reported as findings
        }
        $relativeFilename = str_replace($baseDir . DIRECTORY_SEPARATOR, '', $absoluteFilename); // convert to a relative path
        $fileContent = file_get_contents($absoluteFilename);
        $lines = explode("\n", $fileContent);
        foreach ($patterns as $pattern => $issue) {
            foreach ($lines as $lineNumber => $lineContent) {
                if (preg_match($pattern, $lineContent, $matches)) {
                    $issueDetail = [
                        'filename' => $relativeFilename, // relative path
                        'lineNumber' => $lineNumber + 1,
                        'match' => $lineContent
                    ];
                    $issuesCategories[$issue][] = $issueDetail;
                }
            }
        }
    }
}
// One collapsible section per category; file names and code are HTML-escaped before output
foreach ($issuesCategories as $category => $issues) {
    echo "<button class=\"collapsible\">$category (" . count($issues) . ")</button>";
    echo "<div class=\"content\">";
    echo "<table><tr><th>文件名</th><th>行号</th><th>具体代码</th></tr>";
    foreach ($issues as $issue) {
        echo "<tr><td>" . htmlentities($issue['filename']) . "</td><td>" . $issue['lineNumber'] . "</td><td class=\"scrollable-text\">" . htmlentities($issue['match']) . "</td>";
        echo "</tr>";
    }
    echo "</table></div>";
}
?>
</div>
<script>
    var coll = document.getElementsByClassName("collapsible");
    for (var i = 0; i < coll.length; i++) {
        coll[i].addEventListener("click", function() {
            this.classList.toggle("active");
            var content = this.nextElementSibling;
            content.style.display = content.style.display === "block" ? "none" : "block";
        });
    }
</script>
</body>
</html>
Variable name tracing
<!DOCTYPE html>
<html lang="zh">
<head>
    <meta charset="UTF-8">
    <title>变量名追溯报告</title>
    <style>
        body { font-family: Arial, sans-serif; background-color: #f5f5f5; margin: 0; padding: 0; }
        .container { max-width: 800px; margin: 0 auto; padding: 20px; background-color: #fff; border-radius: 5px; box-shadow: 0 0 10px rgba(0, 0, 0, 0.1); }
        h1 { text-align: center; color: #333; }
        .form-input { text-align: center; margin-bottom: 20px; }
        input[type="text"], input[type="submit"] { padding: 10px; }
        input[type="text"] { width: 300px; margin-right: 10px; }
        .collapsible { cursor: pointer; padding: 10px; width: 100%; border: none; text-align: left; outline: none; font-size: 15px; margin-top: 5px; background-color: #e7e7e7; }
        .active, .collapsible:hover { background-color: #cccccc; }
        .content { display: none; overflow: hidden; background-color: #f9f9f9; padding: 15px; }
        table { width: 100%; border-collapse: collapse; }
        th, td { padding: 8px; text-align: left; border-bottom: 1px solid #ddd; }
        th { background-color: #f2f2f2; }
        tr:nth-child(even) { background-color: #f2f2f2; }
        .scrollable-text { max-height: 100px; overflow-y: auto; white-space: pre-wrap; }
    </style>
</head>
<body>
<div class="container">
    <h1>变量名追溯报告</h1>
    <div class="form-input">
        <form action="" method="get">
            <input type="text" name="varName" placeholder="请输入变量名" required>
            <input type="submit" value="搜索">
        </form>
    </div>
<?php
if (isset($_GET['varName'])) {
    $baseDir = __DIR__; // directory of the current script
    $inputVarName = ltrim($_GET['varName'], '$'); // accept "id" as well as "$id"
    $fileOccurrences = [];

    // Record every line of $filePath that references $inputVarName
    function analyzeFile($filePath, $inputVarName) {
        $content = file_get_contents($filePath);
        // \b after the name so that a search for $id does not also report $identifier
        $varPattern = '/\$' . preg_quote($inputVarName, '/') . '\b/';
        if (preg_match($varPattern, $content)) {
            $relativePath = str_replace($GLOBALS['baseDir'] . DIRECTORY_SEPARATOR, '', $filePath);
            $lines = file($filePath);
            foreach ($lines as $lineNumber => $line) {
                // same pattern per line, so the per-line hits agree with the file-level check
                if (preg_match($varPattern, $line)) {
                    $GLOBALS['fileOccurrences'][$relativePath][] = [
                        'line' => $lineNumber + 1,
                        'code' => trim($line)
                    ];
                }
            }
        }
    }

    // Walk the directory tree and analyze every .php file
    function listFolderFiles($dir, $inputVarName) {
        $iterator = new RecursiveIteratorIterator(
            new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS),
            RecursiveIteratorIterator::LEAVES_ONLY
        );
        foreach ($iterator as $file) {
            if ($file->getExtension() === 'php') {
                analyzeFile($file->getPathname(), $inputVarName);
            }
        }
    }

    listFolderFiles($baseDir, $inputVarName);
    foreach ($fileOccurrences as $filePath => $occurrences) {
        echo "<button class=\"collapsible\">文件: " . htmlspecialchars($filePath) . " (" . count($occurrences) . "个匹配项)</button>";
        echo "<div class=\"content\"><table><tr><th>行号</th><th>代码</th></tr>";
        foreach ($occurrences as $occurrence) {
            echo "<tr><td>" . htmlentities($occurrence['line']) . "</td><td class=\"scrollable-text\">" . htmlentities($occurrence['code']) . "</td></tr>";
        }
        echo "</table></div>";
    }
}
?>
</div>
<script>
    var coll = document.getElementsByClassName("collapsible");
    for (var i = 0; i < coll.length; i++) {
        coll[i].addEventListener("click", function() {
            this.classList.toggle("active");
            var content = this.nextElementSibling;
            content.style.display = content.style.display === "block" ? "none" : "block";
        });
    }
</script>
</body>
</html>
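The two scripts above grep for sinks and for a variable name separately; the "check whether your parameters are filtered" advice earlier in the thread is really about connecting the two. As an added illustration (not code from the thread or its author), here is a small Python intra-file taint tracker over a constructed PHP snippet: variables assigned from $_GET/$_POST become tainted, taint propagates through later assignments, is dropped when the outermost call is a known sanitizer, and is reported when it reaches a sink. The sanitizer and sink lists are assumptions for the demo, and the matching is line-based like the scanner above.

```python
import re
# Constructed PHP sample for the demo (not from the thread).
SAMPLE_PHP = """<?php
$id = $_GET['id'];
$name = $_POST['name'];
$page = intval($_GET['page']);
$q = "SELECT * FROM users WHERE id = $id";
mysqli_query($conn, $q);
echo htmlspecialchars($name);
echo $name;
system("ls " . $page);
"""
SOURCES = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")
# Assumed sanitizer and sink lists; a real audit needs far more, context-specific entries.
SANITIZERS = {"intval", "floatval", "htmlspecialchars", "escapeshellarg", "mysqli_real_escape_string"}
SINKS = {
    "command execution": re.compile(r"\b(system|exec|shell_exec|passthru|popen)\s*\("),
    "SQL query": re.compile(r"\b(mysqli_query|mysql_query|pg_query)\s*\("),
    "HTML output": re.compile(r"\b(echo|print)\b"),
}
ASSIGN = re.compile(r"^\s*\$(\w+)\s*=(?!=)\s*(.+?);\s*$")
VARREF = re.compile(r"\$(\w+)")
def is_sanitized(expr):  # coarse rule: the outermost call of expr is a known sanitizer
    m = re.match(r"\s*(\w+)\s*\(", expr)
    return bool(m) and m.group(1) in SANITIZERS
def taint_of(expr, tainted):  # superglobal whose data reaches expr, or None if clean
    if is_sanitized(expr):
        return None
    m = SOURCES.search(expr)
    if m:
        return "$_" + m.group(1)
    for name in VARREF.findall(expr):
        if name in tainted:
            return tainted[name]
    return None
def find_flows(php_source):  # single-pass, single-file taint tracking
    tainted = {}   # variable name -> originating superglobal
    findings = []  # (line number, sink kind, origin, code)
    for lineno, line in enumerate(php_source.splitlines(), 1):
        m = ASSIGN.match(line)
        if m:  # assignment: inherit taint from the right-hand side, or clear it
            origin = taint_of(m.group(2), tainted)
            if origin:
                tainted[m.group(1)] = origin
            else:
                tainted.pop(m.group(1), None)
        for kind, pat in SINKS.items():
            s = pat.search(line)
            if s and (origin := taint_of(line[s.end():], tainted)):
                findings.append((lineno, kind, origin, line.strip()))
    return findings
```

On the sample, the sanitized `$page` and the escaped `echo` are not reported, while the interpolated `$id` reaching `mysqli_query` and the raw `echo $name` are.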
You're right, how come I never saw this before
But mine is small, convenient and fast
Does it have to be PHP?
Awesome, boss
There are reliable and safe cracked versions of Fortify SCA, Checkmarx and SonarQube Data Center Edition online. Although OP's audit tool is well written, and kunlun-m is also good, they still can't compare with the top commercial code audit tools. Also, GitHub projects can be configured with CodeQL for automatic code auditing, which is quite powerful too. The false negative rate of personally written audit tools is generally much higher than these.
Send the source over; reviewing the source is easier.