Construction and optimization of XSS platform (based on xsser.me source code)

2025-02-27 Update. From: SLTechnology News&Howtos > Servers


Shulou (Shulou.com) 06/02 Report

This article is reposted from: Journey Source Forum (www.zhengtuwl.com), which focuses on all kinds of free boutique ×× platforms.

I spent some time this week fiddling with the company's intranet forum and, unfortunately, found that the XSS platform I had been using no longer worked, so I looked for new source code to build a replacement.

Why this one? Mainly because its author restyled the default xsser.me theme with Bootstrap, which looks a lot more polished. (Mobile compatibility is another matter; forget about that.)

After downloading the source code, just follow the author's installation instructions:

1. Edit the database connection settings in config.php: database configuration (user name, password, database name), the site URL path and the pseudo-static (URL rewrite) option.

2. Import xssplatform.sql from the root directory into the database.

3. Run the following SQL statement to change the domain name stored in the database to your own:

    UPDATE oc_module SET code=REPLACE(code,'http://xsser.me','http://yourdomain/xss');

4. Replace the domain name in authtest.php with your own domain name.

5. After the first registration succeeds, set the adminlevel of that user in the user table to 1. This makes you the super administrator, able to issue and manage invitation codes.

6. Configure the pseudo-static (rewrite) rules according to your web server type:

The rewrite rules for each server are as follows:

Apache (.htaccess):

    RewriteEngine On
    RewriteBase /
    RewriteRule ^([0-9a-zA-Z]{6})$ /index.php?do=code&urlKey=$1 [L]
    RewriteRule ^do/auth/(\w+?)(/domain/([\w\.]+?))?$ /index.php?do=do&auth=$1&domain=$3 [L]
    RewriteRule ^register/(.*?)$ /index.php?do=register&key=$1 [L]
    RewriteRule ^register-validate/(.*?)$ /index.php?do=register&act=validate&key=$1 [L]

Nginx (inside the server block):

    rewrite "^/([0-9a-zA-Z]{6})$" /index.php?do=code&urlKey=$1 break;
    rewrite "^/do/auth/(\w+?)(/domain/([\w\.]+?))?$" /index.php?do=do&auth=$1&domain=$3 break;
    rewrite "^/register/(.*?)$" /index.php?do=register&key=$1 break;
    rewrite "^/register-validate/(.*?)$" /index.php?do=register&act=validate&key=$1 break;
    rewrite "^/login$" /index.php?do=login break;
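Before putting these rules on a server it is worth checking that they route the way you expect, since a typo in a regex here either breaks the platform or silently exposes a different handler. The following Python script is an added example, not part of the original post or of the xsser.me code: it replays the five patterns against constructed sample paths the way Apache ([L]) and Nginx (break) do, first match wins. The sample paths and the `resolve` / `check_all` helper names are my own.

```python
import re
from typing import Optional

# The five pseudo-static rules from the page, expressed as (regex, target)
# pairs. Patterns are applied to the request path with the leading slash
# removed, which is how Apache sees it under "RewriteBase /"; the Nginx
# versions on the page carry an explicit leading "/" but are otherwise the
# same expressions.
REWRITE_RULES = [
    (r"^([0-9a-zA-Z]{6})$",                    "/index.php?do=code&urlKey={1}"),
    (r"^do/auth/(\w+?)(/domain/([\w\.]+?))?$",  "/index.php?do=do&auth={1}&domain={3}"),
    (r"^register/(.*?)$",                      "/index.php?do=register&key={1}"),
    (r"^register-validate/(.*?)$",             "/index.php?do=register&act=validate&key={1}"),
    (r"^login$",                               "/index.php?do=login"),
]


def resolve(path: str) -> Optional[str]:
    """Return the internal index.php URL produced by the first matching rule.

    Rules are tried top to bottom and the first hit wins, mirroring Apache's
    [L] flag and Nginx's "break". A capture group that did not participate
    (for example $3 when no /domain/... segment is present) is substituted
    as an empty string, as both servers do. None means no rule matched and
    the path would be served as-is (or 404).
    """
    rel = path.lstrip("/")
    for pattern, target in REWRITE_RULES:
        m = re.match(pattern, rel)
        if m is None:
            continue
        # Backreferences are 1-based; pad index 0 so {1}..{3} line up.
        groups = [g if g is not None else "" for g in m.groups()]
        return target.format(None, *groups)
    return None


def check_all(paths):
    """Map each sample path to its rewrite result for review."""
    return {p: resolve(p) for p in paths}


if __name__ == "__main__":
    # Constructed sample requests, not taken from any real deployment.
    samples = [
        "/Ab3dE9",                          # six-char project key -> code route
        "/Ab3dE",                           # five chars: rule 1 rejects it
        "/do/auth/k7",                      # auth without domain -> empty $3
        "/do/auth/k7/domain/example.com",   # auth with domain
        "/register/inviteKey123",
        "/register-validate/inviteKey123",  # must not be caught by the register rule
        "/login",
        "/index.php",                       # no rule matches; served directly
    ]
    for path, result in check_all(samples).items():
        print(f"{path:36} -> {result}")
```

Two things the run makes visible that the rule listing does not: a project key of any length other than six characters falls through every rule, and `register-validate/...` is only routed correctly because `^register/` requires the slash immediately after "register", so reordering or loosening that pattern would misroute validation links.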

At this point the XSS platform is up and running.

I ran into a few bugs along the way, so I made some changes to the source code.

1. Partial failure of the short-address interface

The project code includes a short-URL conversion feature. The original xsser.me did not have this; it was integrated by another author.

Short URLs are generated via t.cn and is.gd, at lines 350 and 357 respectively of the function in source/function.php. Since the is.gd API address no longer works, I decided to remove that part.

First remove what is displayed on the page: open templates_c/%%4D^4D3^4D30CF2A%project_viewcode.html.php and remove the following code:

Then comment out the following two lines in source/project.php:

    $shortUrl2=LongUrltoShortUrl2($longUrl); // short URL 2
    $shortShow2=StripStr("");

2. Remove the timestamp after the JS address

A timestamp is appended to the JS address so that, after the JS code is modified, the other side's browser fetches the new version instead of a cached copy. In my tests it made little difference: once the code is changed, reloading the page already picks up the new code. So I removed the timestamp from the JS URL.

Make the following changes in source/project.php:

    //$codeurl=URL_ROOT."/{$project[urlKey]}?".time();
    $codeurl=URL_ROOT."/{$project[urlKey]}";

    //$scriptShow1=StripStr("'");
    $scriptShow1=StripStr(");

    //$code2='var b=document.createElement("script");b.src="'.URL_ROOT.'/{$project[urlKey]}?"+Math.random();(document.getElementsByTagName("HEAD")[0]||document.body).appendChild(b);';
    $code2='var b=document.createElement("script");b.src="'.URL_ROOT.'/{$project[urlKey]}";(document.getElementsByTagName("HEAD")[0]||document.body).appendChild(b);';

    //$scriptShow2=StripStr("\">
    ");
    $scriptShow2=StripStr("
    ");

3. Partial optimization of the HTML

Some of the JavaScript and CSS resources are loaded from overseas CDNs, and the page sometimes takes a long time to render, so I changed the referenced resources to local copies (a domestic CDN address would also do).

Search the whole directory in Sublime Text for references to jquery-1.9.1.min.js and bootstrap.min.js, change them to local references, and put the files in the corresponding folder under themes/default.

