<?php
/*
Plugin Name: RFI Attack Scanner2
Description: Checks whether the URL contains more than one "http:" and, if so, whether it also contains a "?"; such a request is treated as an RFI attack. For now, all this does is
write the RFI URLs to data.txt. I'd like to turn it into some sort of XML graph, also including the attacker's IP and a time stamp, and show it on a WordPress admin panel for
stats/graphs, etc.
Version: 0.0.0.1
Author: @xxdigipxx
Author URI: http://www.ticktockcomputers.com
License: GPLv2
*/
  12.  
  13. function checkPOST_RFI() {
  14.        
  15.         if (!empty($_POST)) {
  16.        
  17.         foreach($_POST as $name => $value)
  18.                 {
  19.                         if(preg_match('/(?<url>https?:\/\/[^<>[:space:]]+)/', $_POST[$name], $matches) > 0) {
  20.                         array_push($urls, $_POST[$name]);
  21.                 }
  22.         }
  23.        
  24.         foreach($urls as $index => $url) {
  25.                 $text = $url;
  26.                
  27.                 if(substr_count($text,'://') > 1) {
  28.                 $rfi = strstr($text, '?');
  29.  
  30.                 file_put_contents(dirname(__FILE__).'/data.txt', "Original URL Schema: ".$text."\r\n     RFI String Alone: ".htmlentities($rfi)."\r\n" , FILE_APPEND);
  31.                 }
  32.                
  33.                 }
  34.         }
  35. } else {
  36.  
  37.  
  38.         function curPageURL() {
  39.                 $pageURL = 'http';
  40.                 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
  41.                 $pageURL .= "://";
  42.                 if ($_SERVER["SERVER_PORT"] != "80") {
  43.                         $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
  44.                 } else {
  45.                         $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
  46.                 }
  47.                 return $pageURL;
  48.         }
  49.  
  50.  
  51.  
  52.         $text = curPageURL();
  53.        
  54.         if(substr_count($text,'://') > 1) {
  55.         $rfi = strstr($text, '?');
  56.  
  57.         file_put_contents(dirname(__FILE__).'/data.txt', "Original URL Schema: ".$text."\r\n     RFI String Alone: ".htmlentities($rfi)."\r\n" , FILE_APPEND);
  58.         }
  59.  
  60. //$file = file_get_contents('./data.txt', true); //Debugging Plugin
  61. //echo $file; //Debugging Plugin
  62. }
  63.  
  64. add_action('init', 'checkPOST_RFI');
  65. add_action('init', 'curPageURL');
  66. add_action('init', 'file_put_contents');
  67.  
  68. ?>