总版主
- 注册日期2010-11-25
- 发帖数385
- QQ593249217
- 火币969枚
- 粉丝282
- 关注1
|
阅读:4575回复:0
一段扫flash跨站的脚本
楼主#
更多
发布于:2010-11-26 17:34
 | |  |  | 主要是扫Externalinterface.call
<?php
/*--------------------------------123322----------------------------
#Flash文件跨站检测脚本 2010/6/3
#检测过程如下:
提取ExternalInterface.call调用的参数,检查参数是都是直接通过loaderInfo.parameters获取
#使用方法
./scan.php /as代码目录>log
----------------------------------123322---------------------------*/
set_time_limit(0);
function find($directory)
{
$mydir=dir($directory);
while($file=$mydir->read()){
if((is_dir("$directory/$file"));;($file!=".");;($file!=".."))
{
find("$directory/$file");
}
else{
if($file != "." ;; $file != "..";;eregi(".as",$file)){
$fd=realpath($directory."/".$file);
$fp = fopen($fd, "r");
$i=0;
while ($buffer = fgets($fp, 128)) {
$i++;
if(eregi("ExternalInterface.call",$buffer))
{
echo "Line".$i.":".$buffer."\r\n\r\n";
preg_match("/\((.*)\)/i", $buffer, $match);
if (strstr($match[1],"("))
{
preg_match("/\((.*)\)/i", $match[1], $newmatch);
echo "再次提取后参数包含 :".$newmatch[1]."\r\n\r\n";
$oldfp = ftell($fp);
fseek($fp, 0);
$p = 0;
while ($newbuffer = fgets($fp, 128))
{
$p++;
if(eregi("loaderInfo.parameters",$newbuffer))
{
//echo "Line".$p.":".$newbuffer."\r\n";
if (strstr($newbuffer,$newmatch[1]))
{
echo $newmatch[1]."存在漏洞\r\n\r\n";
}
}
}
fseek($fp, $oldfp);
unset($oldfp);
} elseif(strstr($match[1],","))
{
echo "多个参数:$match[1]\r\n";
if (strstr($match[1],"loaderInfo.parameters")){
echo $match[1]."直接调用loaderInfo.parameters传递存在漏洞\r\n\r\n";
}
$var_array = array();
$var_array = explode(",",$match[1]);
$oldfp = ftell($fp);
fseek($fp,0);
while ($newbuffer = fgets($fp, 128))
{
if(eregi("loaderInfo.parameters",$newbuffer))
{
//echo "Line".$p.":".$newbuffer."\r\n\r\n";
foreach ($var_array as $value)
{
if (strstr($newbuffer,$value))
{
echo trim($value)."存在漏洞\r\n\r\n";
}
}
}
}
fseek($fp, $oldfp);
unset($oldfp);
}else
{
echo "唯一参数:".$match[1]."\r\n";
if (strstr($match[1],"loaderInfo.parameters")){
echo $match[1]."直接调用loaderInfo.parameters传递存在漏洞\r\n\r\n";
}
$oldfp = ftell($fp);
fseek($fp,0);
while ($newbuffer = fgets($fp, 128))
{
if(eregi("loaderInfo.parameters",$newbuffer))
{
//echo "Line".$p.":".$newbuffer."\r\n\r\n";
if (strstr($newbuffer,$match[1]))
{
echo trim($match[1])."存在漏洞\r\n\r\n";
}
}
}
fseek($fp, $oldfp);
unset($oldfp);
}
}
}
fclose($fp);
}
}
}
$mydir->close();
}
function all()
{
static $count = 1;
echo $count;
$count++;
}
find($argv[1]);
?>
| |  | |  |
|
