
Please help me analyze some PHP code

程序员文章站 2024-04-05 08:21:42
...
listOptions($actionTaskId); // We will actually store it for use in a second...
            break;

          case "stop": // Stop a specified running Task ID
            $sqlmap->stopScan($actionTaskId);
            break;

          case "kill": // Forcefully Kill a specified running Task ID
            $sqlmap->killScan($actionTaskId);
            break;

          case "del": // Delete a specified running Task ID
            $sqlmap->deleteTaskID($actionTaskId);
            break;

          default: // Do Nothing if nothing is specified...
            break;
        }
      }
    }
  }
?>



  
SQLMAP Web GUI - Admin Panel





SQLMAP Web GUI - Admin Panel"; if(isset($_SESSION['myAdminID'])) { $taskList = $sqlmap->adminListTasks(trim($_SESSION['myAdminID'])); if(!$taskList) { ?>
[WARNING] '' - Appears to be an Invalid Admin ID!




Admin ID:
Total Number of Known Tasks:




'; echo ''; echo '
'; } else { ?> checkScanStatus($t); $taskConfig = $sqlmap->listOptions($t); echo ""; echo ""; if(sizeof($taskConfig) > 0) { $targetHost = parse_url($taskConfig['options']['url'], PHP_URL_HOST); echo ""; } else { echo ""; } if(isset($status['status'])) { echo ""; } else { echo ""; } echo ""; if($status['status'] == 'running') { echo ""; echo ""; } else { echo ""; echo ""; } echo ""; echo ""; } ?>
TaskID Target Status Options
"; echo htmlentities($t, ENT_QUOTES, 'UTF-8'); echo "" . htmlentities($targetHost, ENT_QUOTES, 'UTF-8') . " - " . htmlentities($status['status'], ENT_QUOTES, 'UTF-8') . " - Conf Stop Kill - - Del

[WARNING] NO Admin ID Set!








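This is the code for the admin login home page (index.php). The account and password are hard-coded in config.php as admin, admin. Now, after logging in to the admin panel, it shows [WARNING] NO Admin ID Set! and then asks me to enter a ciphertext token. The token ciphertext appears to be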

  $salt = "!SQL!";                            // Salt for form token hash generation
  $token = sha1(mt_rand(1, 1000000) . $salt); // Generate CSRF Token Hash
  $_SESSION['token'] = $token;                // Set CSRF Token for Form SubmitVerification

which is the SHA-1 encryption of 1-1000000 plus the SALT. Then, in

          
[WARNING] NO Admin ID Set!

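I saw the statement that outputs the token. After viewing the page source in the front end, I entered the ciphertext, but it still doesn't work. Please help: how can I get past this? Thanks!!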

Replies:


You pass myAdminID via POST, but the question is: how is the myAdminID that you type in supposed to be generated?

That token is there to prevent CSRF; it is not used to generate myAdminID. As for how myAdminID should be generated, you should look at this code:

$sqlmap->adminListTasks(trim($_SESSION['myAdminID']));
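
The distinction drawn in the reply, as an added example (not code from the original post or from the SQLMAP Web GUI project): the value in `$_SESSION['token']` only confirms that a form submission came from the site's own form, while `myAdminID` is a separate field that is validated elsewhere. The function names and the `token` POST field name are assumptions; the sketch also replaces the page's `mt_rand`-based token, which can take at most 1,000,000 distinct values, with `random_bytes()` and a constant-time `hash_equals()` comparison.

```php
<?php
// Added example. $_SESSION['token'] and 'myAdminID' come from the page;
// function names and the 'token' POST field are hypothetical.

// The page's approach, kept for comparison: fixed salt, at most
// 1,000,000 possible token values.
function legacyToken(string $salt = "!SQL!"): string {
    return sha1(mt_rand(1, 1000000) . $salt);
}

// Hardened form: 256 bits from the OS CSPRNG, no salt required.
function issueCsrfToken(array &$session): string {
    $session['token'] = bin2hex(random_bytes(32));
    return $session['token'];
}

// The CSRF token answers one question only: did this POST come from our form?
function csrfTokenValid(array $session, array $post): bool {
    return isset($session['token'], $post['token'])
        && is_string($post['token'])
        && hash_equals($session['token'], $post['token']); // constant-time compare
}

// The admin ID is a different field. It is stored only after the CSRF check
// passes; whether it is a valid ID is decided later by adminListTasks().
function acceptAdminId(array &$session, array $post): bool {
    if (!csrfTokenValid($session, $post)) {
        return false;
    }
    if (!isset($post['myAdminID']) || !is_string($post['myAdminID'])) {
        return false;
    }
    $id = trim($post['myAdminID']);
    if ($id === '') {
        return false;
    }
    $session['myAdminID'] = $id;
    unset($session['token']); // single use: the next form render issues a new one
    return true;
}

// Constructed demo data; a plain array stands in for $_SESSION on the CLI.
$session = [];
$token = issueCsrfToken($session);
var_dump(acceptAdminId($session, ['myAdminID' => 'constructed-admin-id']));                    // no token
var_dump(acceptAdminId($session, ['token' => $token, 'myAdminID' => 'constructed-admin-id'])); // valid form post
var_dump(acceptAdminId($session, ['token' => $token, 'myAdminID' => 'constructed-admin-id'])); // replayed token
```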