<?php
$windowtitle = "Admin Cruft";
require 'lib/function.php';
require 'lib/layout.php';
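// Access gate: the page is open to a short allow-list of user ids and to
// anyone whose powerlevel is at least 1; everybody else gets a bare "No."
// page and the script exits.
//
// Both values are cast to int first. With a loose in_array() / "<" compare
// a boolean or a non-numeric string could satisfy the check (PHP 7 treats
// "175abc" == 175 as true; PHP 8 compares a non-numeric string against an
// int as strings, so "abc" < 1 is false and would NOT be denied). Casting
// makes the gate fail closed for anything that is not a plain integer.
$adminIds = [175, 1];
$isAllowListed = in_array((int) $loguser['id'], $adminIds, true);
$hasPower = (int) $loguser['powerlevel'] >= 1;
if (!$isAllowListed && !$hasPower) {
    print "
$header<br>
$tblstart
<tr>$tccell1>
<br>No.
<br>
</td></tr>
$tblend
$footer
";
    printtimedif($startingtime);
    die();
}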
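// Only a fixed allow-list of user ids may add IP bans (and clear the log)
// from this page. Cast to int + strict compare so loose-comparison quirks
// cannot widen the list.
$expower = in_array((int) $loguserid, [175, 1, 2100], true);

// Ban handler. The "Ban" link carries ?banip=<ip>&valid=<md5(ip . secret)>;
// the token is what stops a bare crafted GET from adding bans.
// NOTE(review): the secret is a literal in the source (it has to match the
// one used when the link is generated further down) — if this repository is
// readable by anyone who should not be able to forge that link, move it to
// configuration and/or bind the token to the admin's session.
$banip = isset($_GET['banip']) ? (string) $_GET['banip'] : '';
$validtoken = isset($_GET['valid']) ? (string) $_GET['valid'] : '';
// Accept only a well-formed IP address: the value is interpolated into the
// INSERT below, so this is also what keeps that statement injection-free.
$banipIsValid = $banip !== '' && filter_var($banip, FILTER_VALIDATE_IP) !== false;
if ($expower && $banipIsValid) {
    // Constant-time, type-safe comparison: the original "==" would accept a
    // "0e..." token against a hash that also happens to start with "0e".
    $expectedtoken = md5($banip . "aglkdgslhkadgshlkgds");
    if (hash_equals($expectedtoken, $validtoken)) {
        $sql->query("INSERT INTO `ipbans` SET `ip` = '" . $banip . "', `reason`='Abusive/unwelcome activity', `date` = '" . ctime() . "', `banner` = '" . (int) $loguserid . "'") or print mysql_error();
        xk_ircsend("1|" . xk(8) . $loguser['name'] . xk(7) . " added IP ban for " . xk(8) . $banip . xk(7) . ".");
        header("Location: ?");
        die();
    }
}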
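print "$header<br>";
// Privileged users get a "Clear log" button; submitting it truncates minilog.
// empty() replaces the bare $_POST['clear'] read, which raised an undefined
// index notice on every ordinary GET of the page; truthiness is unchanged.
// NOTE(review): the POST carries no anti-CSRF token, so any page that can
// make a privileged user's browser submit this form can wipe the log — wire
// it to the project's CSRF helper if one exists.
$clearbutton = ' ';
if ($expower) {
    if (!empty($_POST['clear'])) {
        $query = $sql->query("TRUNCATE `minilog`");
    }
    $clearbutton = "<br><form style='margin: 0px; padding: 0px;' action='?' method='post'>$inps='clear' value='Clear log'></form><br>";
}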
// Column label for each bit of minilog.banflags, keyed by the bit value.
// Insertion order matters: it is the left-to-right order of the columns
// rendered below, so keep this literal in the same order.
$banflagnames = [
    1     => "union<br>select",
    16384 => "acunetix",
    2048  => "get<br>+",
    4     => "get<br>--",
    // 8 => "get<br>;" is intentionally absent: too many false positives.
    2     => "get<br>comment",
    16    => "get<br>exec",
    32    => "get<br>password",
    4096  => "get<br>script",
    8192  => "get<br>cookie",
    64    => "cookie<br>comment",
    128   => "cookie<br>exec",
    256   => "cookieban<br>user",
    512   => "cookieban<br>nonuser",
    1024  => "non-int<br>userid",
];
// Total columns in a log row: one per flag plus Time, Count, IP and the
// ban-state cell.
$cells = count($banflagnames) + 4;
// Intro box, then the opening of the log table. Built as a list of lines
// joined with "\n" so the emitted markup is identical to the original
// heredoc-style print (leading and trailing newline included).
$introLines = [
    '',
    $tblstart,
    "<tr>$tccellh>Shitbug detection system</td></tr>",
    "<tr>$tccell1>",
    "<br>This page lists denied requests, showing what the reason was.",
    "<br>$clearbutton",
    "</td></tr>",
    $tblend,
    "<br>",
    $tblstart,
    '',
];
print implode("\n", $introLines);

// Header row of the log table. Kept in $colheaders because the row loop
// further down re-prints it every 50 rows.
$headerCells = [
    "$tccellh width='180'>Time</td>",
    "$tccellh width='50'>Count</td>",
    "$tccellh>IP</td>",
    "$tccellh width='50'> </td>",
];
foreach ($banflagnames as $label) {
    $headerCells[] = "$tccellh width='60'>$label</td>";
}
$colheaders = "<tr>" . implode('', $headerCells) . "</tr>";
print $colheaders;
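// Render the log, newest first. Consecutive rows with the same (ip, banflags)
// are collapsed into one row carrying a "×N" count; `banned` is the number of
// ipbans rows already present for that IP.
$query = $sql->query("SELECT *, (SELECT COUNT(`ip`) FROM `ipbans` WHERE `ip` = `minilog`.`ip`) AS `banned` FROM `minilog` ORDER BY `time` DESC");
$rowcnt = 0;
$lastflag = 0;
$combocount = 0;
$lastip = "";
$tempout = ""; // initialised so an empty log does not hand null to str_replace below
// Must match the secret the ban handler at the top of this page verifies.
$bansecret = "aglkdgslhkadgshlkgds";
while ($data = $sql->fetch($query)) {
    $ip = (string) $data['ip'];
    $flags = (int) $data['banflags'];
    // A run ends when the ip or the flag value changes. As in the original,
    // nothing is flushed until a non-zero flag value has been seen.
    if (($lastip !== $ip || $lastflag !== $flags) && $lastflag !== 0) {
        $rowcnt++;
        print str_replace("%%%COMBO%%%", ($combocount > 1 ? " ×$combocount" : ""), $tempout);
        if (!($rowcnt % 50)) {
            print $colheaders;
        } elseif ($lastip !== $ip) {
            // Thin spacer row between different IPs.
            print "<tr>$tccellh colspan='$cells'><img src='images/_.gif' height=5 width=5></td></tr>";
        }
        $tempout = "";
        $combocount = 0;
    }
    $lastip = $ip;
    $lastflag = $flags;
    $combocount++;
    if ($combocount == 1) {
        // minilog.ip is emitted into HTML text and into two URLs. It is not
        // established here that only REMOTE_ADDR-shaped values ever reach
        // minilog, so escape per context rather than trusting the column.
        $ipHtml = htmlspecialchars($ip, ENT_QUOTES, 'UTF-8');
        $ipUrl = urlencode($ip);
        $tempout = "<tr>$tccell1>" . date("m-d-y H:i:s", (int) $data['time']) . "</td>$tccell1>%%%COMBO%%%</td>$tccell1><a href='ipsearch.php?ip=$ipUrl'>$ipHtml</a></td>";
        if ($data['banned']) {
            $tempout .= "$tccell1s><span style='color: #f88; font-weight: bold;'>Banned</span></td>";
        } elseif ($expower) {
            // The token is over the raw IP, which is what the handler sees
            // after PHP URL-decodes $_GET; only the link itself is encoded.
            $tempout .= "$tccell1s><a href='?banip=$ipUrl&amp;valid=" . md5($ip . $bansecret) . "'>Ban</a></td>";
        } else {
            $tempout .= "$tccell1s> </td>";
        }
        foreach ($banflagnames as $flag => $name) {
            $tempout .= ($flags & $flag)
                ? "$tccellc width='60'>Hit</td>"
                : "$tccell2 width='60'> </td>";
        }
        $tempout .= "</tr>";
    }
}
// Flush the last pending run.
print str_replace("%%%COMBO%%%", ($combocount > 1 ? " ×$combocount" : ""), $tempout);
print "$tblend $footer";
printtimedif($startingtime);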
?>