求分析个php代码
程序员文章站
2024-04-05 08:21:42
...
listOptions($actionTaskId); // We will actually store it for use in a second...
break;
case "stop": // Stop a specified running Task ID
$sqlmap->stopScan($actionTaskId);
break;
case "kill": // Forcefully Kill a specified running Task ID
$sqlmap->killScan($actionTaskId);
break;
case "del": // Delete a specified running Task ID
$sqlmap->deleteTaskID($actionTaskId);
break;
default: // Do Nothing if nothing is specified...
break;
}
}
}
}
?>
SQLMAP Web GUI - Admin Panel
SQLMAP Web GUI - Admin Panel";
if(isset($_SESSION['myAdminID'])) {
$taskList = $sqlmap->adminListTasks(trim($_SESSION['myAdminID']));
if(!$taskList) {
?>
[WARNING] '' - Appears to be an Invalid Admin ID!
Admin ID:
Total Number of Known Tasks:
';
echo '';
echo '
';
} else {
?>
TaskID
Target
Status
Options
checkScanStatus($t);
$taskConfig = $sqlmap->listOptions($t);
echo "";
echo "";
echo htmlentities($t, ENT_QUOTES, 'UTF-8');
echo " ";
if(sizeof($taskConfig) > 0) {
$targetHost = parse_url($taskConfig['options']['url'], PHP_URL_HOST);
echo "" . htmlentities($targetHost, ENT_QUOTES, 'UTF-8') . " ";
} else {
echo " - ";
}
if(isset($status['status'])) {
echo "" . htmlentities($status['status'], ENT_QUOTES, 'UTF-8') . " ";
} else {
echo " - ";
}
echo " Conf ";
if($status['status'] == 'running') {
echo " Stop ";
echo " Kill ";
} else {
echo " - ";
echo " - ";
}
echo " Del ";
echo " ";
}
?>
[WARNING] NO Admin ID Set!
这是后台登录首页(index.php)的代码,帐号密码在config.php中写死了,是admin,admin。现在登录后台后,显示[WARNING] NO Admin ID Set!,然后然我输入一串密文token,token密文貌似是
$salt = "!SQL!"; // Salt for form token hash generation
$token = sha1(mt_rand(1, 1000000) . $salt); // Generate CSRF Token Hash
$_SESSION['token'] = $token; // Set CSRF Token for Form SubmitVerification
是1-1000000加SALT的sha1加密,然后我在
[WARNING] NO Admin ID Set!
看到了输出token的语句,在前台查看源代码后,把密文输入,但是还是不行。求解,怎么才能过去?谢谢!!
回复内容:
listOptions($actionTaskId); // We will actually store it for use in a second...
break;
case "stop": // Stop a specified running Task ID
$sqlmap->stopScan($actionTaskId);
break;
case "kill": // Forcefully Kill a specified running Task ID
$sqlmap->killScan($actionTaskId);
break;
case "del": // Delete a specified running Task ID
$sqlmap->deleteTaskID($actionTaskId);
break;
default: // Do Nothing if nothing is specified...
break;
}
}
}
}
?>
SQLMAP Web GUI - Admin Panel
SQLMAP Web GUI - Admin Panel";
if(isset($_SESSION['myAdminID'])) {
$taskList = $sqlmap->adminListTasks(trim($_SESSION['myAdminID']));
if(!$taskList) {
?>
[WARNING] '' - Appears to be an Invalid Admin ID!
Admin ID:
Total Number of Known Tasks:
';
echo '';
echo '
';
} else {
?>
TaskID
Target
Status
Options
checkScanStatus($t);
$taskConfig = $sqlmap->listOptions($t);
echo "";
echo "";
echo htmlentities($t, ENT_QUOTES, 'UTF-8');
echo " ";
if(sizeof($taskConfig) > 0) {
$targetHost = parse_url($taskConfig['options']['url'], PHP_URL_HOST);
echo "" . htmlentities($targetHost, ENT_QUOTES, 'UTF-8') . " ";
} else {
echo " - ";
}
if(isset($status['status'])) {
echo "" . htmlentities($status['status'], ENT_QUOTES, 'UTF-8') . " ";
} else {
echo " - ";
}
echo " Conf ";
if($status['status'] == 'running') {
echo " Stop ";
echo " Kill ";
} else {
echo " - ";
echo " - ";
}
echo " Del ";
echo " ";
}
?>
[WARNING] NO Admin ID Set!
这是后台登录首页(index.php)的代码,帐号密码在config.php中写死了,是admin,admin。现在登录后台后,显示[WARNING] NO Admin ID Set!,然后然我输入一串密文token,token密文貌似是
$salt = "!SQL!"; // Salt for form token hash generation
$token = sha1(mt_rand(1, 1000000) . $salt); // Generate CSRF Token Hash
$_SESSION['token'] = $token; // Set CSRF Token for Form SubmitVerification
是1-1000000加SALT的sha1加密,然后我在
[WARNING] NO Admin ID Set!
看到了输出token的语句,在前台查看源代码后,把密文输入,但是还是不行。求解,怎么才能过去?谢谢!!
你通过POST传递 myAdminID,但问题是你自己输入的myAdminID是应该怎么产生的?
那个token是防止CSRF的,不是用来产生myAdminID的,至于myAdminID应该怎么产生,你应该看看这段代码:
$sqlmap->adminListTasks(trim($_SESSION['myAdminID']));