当前位置: 首页>>代码示例>>PHP>>正文


PHP http_class::ReadWholeReplyBody方法代码示例

本文整理汇总了PHP中http_class::ReadWholeReplyBody方法的典型用法代码示例。如果您正苦于以下问题:PHP http_class::ReadWholeReplyBody方法的具体用法?PHP http_class::ReadWholeReplyBody怎么用?PHP http_class::ReadWholeReplyBody使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在http_class的用法示例。


在下文中一共展示了http_class::ReadWholeReplyBody方法的11个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: PNB_getPingbackUrl

/**
 * Get the Pingback URL for a given URL
 *
 * @param    string $url URL to get the Pingback URL for
 * @return   string          Pingback URL or empty string
 */
function PNB_getPingbackUrl($url)
{
    $retval = '';
    $http = new http_class();
    $http->timeout = 0;
    $http->data_timeout = 0;
    $http->debug = 0;
    $http->html_debug = 0;
    $http->user_agent = 'glFusion/' . GVERSION;
    $error = $http->GetRequestArguments($url, $arguments);
    $error = $http->Open($arguments);
    $error = $http->SendRequest($arguments);
    if ($error == "") {
        $http->ReadReplyHeaders($headers);
        if (isset($headers['x-pingback'])) {
            $retval = $headers['x-pingback'];
        } else {
            COM_errorLog("Pingback (HEAD): unable to locate x-pingback header");
        }
    } else {
        COM_errorLog('Pingback (HEAD): ' . $error);
        return false;
    }
    if (empty($retval)) {
        // search for <link rel="pingback">
        $http = new http_class();
        $http->timeout = 0;
        $http->data_timeout = 0;
        $http->debug = 0;
        $http->html_debug = 0;
        $http->user_agent = 'glFusion/' . GVERSION;
        $error = $http->GetRequestArguments($url, $arguments);
        $error = $http->Open($arguments);
        $error = $http->SendRequest($arguments);
        if ($error == "") {
            $http->ReadReplyHeaders($headers);
            if ($http->response_status == 200) {
                $error = $http->ReadWholeReplyBody($body);
                if ($error != "" && strlen($body) === 0) {
                    COM_errorLog("Pingback (GET): unable to retrieve response body");
                    return false;
                }
            } else {
                COM_errorLog("Pingback (GET): Got HTTP response code " . $http->response_status . " when requesting " . $url);
                return false;
            }
        } else {
            COM_errorLog("Pingback (GET): " . $error . " when requesting " . $url);
            return false;
        }
        // only search for the first match - it doesn't make sense to have
        // more than one pingback URL
        $found = preg_match("/<link rel=\"pingback\"[^>]*href=[\"']([^\"']*)[\"'][^>]*>/i", $body, $matches);
        if ($found === 1 && !empty($matches[1])) {
            $url = str_replace('&amp;', '&', $matches[1]);
            $retval = urldecode($url);
        }
    }
    return $retval;
}
开发者ID:spacequad,项目名称:glfusion,代码行数:66,代码来源:lib-pingback.php

示例2: SendAPIRequest


//.........这里部分代码省略.........
             } else {
                 $post_values = $values;
             }
         }
     }
     if (strlen($error = $http->GetRequestArguments($url, $arguments))) {
         return $this->SetError('it was not possible to open the ' . $options['Resource'] . ' URL: ' . $error);
     }
     if (strlen($error = $http->Open($arguments))) {
         return $this->SetError('it was not possible to open the ' . $options['Resource'] . ' URL: ' . $error);
     }
     $arguments['RequestMethod'] = $method;
     switch ($type) {
         case 'application/x-www-form-urlencoded':
             if (isset($options['RequestBody'])) {
                 return $this->SetError('the request body is defined automatically from the parameters');
             }
             $arguments['PostValues'] = $parameters;
             break;
         case 'application/json':
             $arguments['Headers']['Content-Type'] = $options['RequestContentType'];
             if (!isset($options['RequestBody'])) {
                 $arguments['Body'] = json_encode($parameters);
                 break;
             }
         default:
             if (!isset($options['RequestBody'])) {
                 return $this->SetError('it was not specified the body value of the of the API call request');
             }
             $arguments['Headers']['Content-Type'] = $options['RequestContentType'];
             $arguments['Body'] = $options['RequestBody'];
             break;
     }
     $arguments['Headers']['Accept'] = isset($options['Accept']) ? $options['Accept'] : '*/*';
     if (strlen($authorization)) {
         $arguments['Headers']['Authorization'] = $authorization;
     }
     if (strlen($error = $http->SendRequest($arguments)) || strlen($error = $http->ReadReplyHeaders($headers))) {
         $http->Close();
         return $this->SetError('it was not possible to retrieve the ' . $options['Resource'] . ': ' . $error);
     }
     $error = $http->ReadWholeReplyBody($data);
     $http->Close();
     if (strlen($error)) {
         return $this->SetError('it was not possible to access the ' . $options['Resource'] . ': ' . $error);
     }
     $this->response_status = intval($http->response_status);
     $content_type = isset($headers['content-type']) ? strtolower(trim(strtok($headers['content-type'], ';'))) : 'unspecified';
     switch ($content_type) {
         case 'text/javascript':
         case 'application/json':
             if (!function_exists('json_decode')) {
                 return $this->SetError('the JSON extension is not available in this PHP setup');
             }
             $object = json_decode($data);
             switch (GetType($object)) {
                 case 'object':
                     if (!isset($options['ConvertObjects']) || !$options['ConvertObjects']) {
                         $response = $object;
                     } else {
                         $response = array();
                         foreach ($object as $property => $value) {
                             $response[$property] = $value;
                         }
                     }
                     break;
                 case 'array':
                     $response = $object;
                     break;
                 default:
                     if (!isset($object)) {
                         return $this->SetError('it was not returned a valid JSON definition of the ' . $options['Resource'] . ' values');
                     }
                     $response = $object;
                     break;
             }
             break;
         case 'application/x-www-form-urlencoded':
         case 'text/plain':
         case 'text/html':
             parse_str($data, $response);
             break;
         default:
             $response = $data;
             break;
     }
     if ($this->response_status >= 200 && $this->response_status < 300) {
         $this->access_token_error = '';
     } else {
         $this->access_token_error = 'it was not possible to access the ' . $options['Resource'] . ': it was returned an unexpected response status ' . $http->response_status . ' Response: ' . $data;
         if ($this->debug) {
             $this->OutputDebug('Could not retrieve the OAuth access. Error: ' . $this->access_token_error);
         }
         if (isset($options['FailOnAccessError']) && $options['FailOnAccessError']) {
             $this->error = $this->access_token_error;
             return false;
         }
     }
     return true;
 }
开发者ID:huangciyin,项目名称:pH7-Social-Dating-CMS,代码行数:101,代码来源:oauth_client.php

示例3: PNB_handlePingback

/**
 * Handle a pingback for an entry.
 * Also takes care of the speedlimit and spam. Assumes that the caller of this
 * function has already checked permissions!
 *
 * @param    string $id     ID of entry that got pinged
 * @param    string $type   type of that entry ('article' for stories, etc.)
 * @param    string $url    URL of the page that pinged us
 * @param    string $oururl URL that got pinged on our site
 * @return   object          XML-RPC response
 */
function PNB_handlePingback($id, $type, $url, $oururl)
{
    global $_CONF, $_TABLES, $PNB_ERROR;
    require_once 'HTTP/Request.php';
    if (!isset($_CONF['check_trackback_link'])) {
        $_CONF['check_trackback_link'] = 2;
    }
    // handle pingbacks to articles on our own site
    $skip_speedlimit = false;
    if ($_SERVER['REMOTE_ADDR'] == $_SERVER['SERVER_ADDR']) {
        if (!isset($_CONF['pingback_self'])) {
            $_CONF['pingback_self'] = 0;
            // default: skip self-pingbacks
        }
        if ($_CONF['pingback_self'] == 0) {
            return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['skipped']));
        } elseif ($_CONF['pingback_self'] == 2) {
            $skip_speedlimit = true;
        }
    }
    COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'pingback');
    if (!$skip_speedlimit) {
        $last = COM_checkSpeedlimit('pingback');
        if ($last > 0) {
            return new XML_RPC_Response(0, 49, sprintf($PNB_ERROR['speedlimit'], $last, $_CONF['commentspeedlimit']));
        }
    }
    // update speed limit in any case
    COM_updateSpeedlimit('pingback');
    if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) {
        if ($_CONF['check_trackback_link'] & 4) {
            $parts = parse_url($url);
            if (empty($parts['host'])) {
                TRB_logRejected('Pingback: No valid URL', $url);
                return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
            } else {
                $ip = gethostbyname($parts['host']);
                if ($ip != $_SERVER['REMOTE_ADDR']) {
                    TRB_logRejected('Pingback: IP address mismatch', $url);
                    return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
                }
            }
        }
    }
    // See if we can read the page linking to us and extract at least
    // the page's title out of it ...
    $title = '';
    $excerpt = '';
    $http = new http_class();
    $http->timeout = 0;
    $http->data_timeout = 0;
    $http->debug = 0;
    $http->html_debug = 0;
    $http->user_agent = 'glFusion/' . GVERSION;
    $error = $http->GetRequestArguments($url, $arguments);
    $error = $http->Open($arguments);
    $error = $http->SendRequest($arguments);
    if ($error == "") {
        $http->ReadReplyHeaders($headers);
        if ($http->response_status == 200) {
            $error = $http->ReadWholeReplyBody($body);
            if ($error == "" || strlen($body) > 0) {
                if ($_CONF['check_trackback_link'] & 3) {
                    if (!TRB_containsBacklink($body, $oururl)) {
                        TRB_logRejected('Pingback: No link to us', $url);
                        $comment = TRB_formatComment($url);
                        PLG_spamAction($comment, $_CONF['spamx']);
                        return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
                    }
                }
                preg_match(':<title>(.*)</title>:i', $body, $content);
                if (empty($content[1])) {
                    $title = '';
                    // no title found
                } else {
                    $title = trim(COM_undoSpecialChars($content[1]));
                }
                if ($_CONF['pingback_excerpt']) {
                    // Check which character set the site that sent the Pingback
                    // is using
                    $charset = 'ISO-8859-1';
                    // default, see RFC 2616, 3.7.1
                    $ctype = $headers['content-type'];
                    $c = explode(';', $ctype);
                    foreach ($c as $ct) {
                        $ch = explode('=', trim($ct));
                        if (count($ch) === 2) {
                            if (trim($ch[0]) === 'charset') {
                                $charset = trim($ch[1]);
//.........这里部分代码省略.........
开发者ID:spacequad,项目名称:glfusion,代码行数:101,代码来源:pingback.php

示例4: testAuthenticationSQLi


//.........这里部分代码省略.........
            array_push($arrayOfInputFields, $inputField);
        }
        $formNum++;
    }
    //At this stage, we should have captured all forms and their input fields into the appropriate arrays
    //Begin testing each of the forms
    //Defintion of all payloads used and warnings to examine for
    //Payloads can be added to this
    $arrayOfPayloads = array("1'or'1'='1", "1'or'1'='1';#");
    //Check if the URL passed into this function displays the same webpage at different intervals
    //If it does then attempt to login and if this URL displays a different page, the vulnerability is present
    //e.g. a login page would always look different when you are and are not logged in
    $log->lwrite("Checking if {$urlToCheck} displays the same page at different intervals");
    $responseBodies = array();
    $http = new http_class();
    $http->timeout = 0;
    $http->data_timeout = 0;
    //$http->debug=1;
    $http->user_agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)";
    $http->follow_redirect = 1;
    $http->redirection_limit = 5;
    $http->setTestId($testId);
    for ($a = 0; $a < 3; $a++) {
        $error = $http->GetRequestArguments($urlToCheck, $arguments);
        $error = $http->Open($arguments);
        if ($error == "") {
            $number = $a + 1;
            $log->lwrite("Sending HTTP request number {$number} to {$urlToCheck}");
            $error = $http->SendRequest($arguments);
            if ($error == "") {
                $headers = array();
                $error = $http->ReadReplyHeaders($headers);
                if ($error == "") {
                    $error = $http->ReadWholeReplyBody($body);
                    if (strlen($error) == 0) {
                        array_push($responseBodies, $body);
                    }
                }
            }
            $http->Close();
        }
        if (strlen($error)) {
            echo "<H2 align=\"center\">Error: a= {$a} ", $error, "</H2>\n";
        }
    }
    $pageChanges = true;
    $bodyOfUrl = "";
    if ($responseBodies[0] == $responseBodies[1] && $responseBodies[1] == $responseBodies[2]) {
        $bodyOfUrl = $responseBodies[0];
        $pageChanges = false;
    }
    $log->lwrite('Beginning testing of forms');
    for ($i = 0; $i < sizeof($arrayOfForms); $i++) {
        $currentForm = $arrayOfForms[$i];
        $currentFormId = $currentForm->getId();
        $currentFormName = $currentForm->getName();
        $currentFormMethod = $currentForm->getMethod();
        $currentFormAction = $currentForm->getAction();
        $currentFormNum = $currentForm->getFormNum();
        $arrayOfCurrentFormsInputs = array();
        $log->lwrite("Beginning testing of form on {$postUrl}: {$currentFormId} {$currentFormName} {$currentFormMethod} {$currentFormAction}");
        for ($j = 0; $j < sizeof($arrayOfInputFields); $j++) {
            $currentInput = $arrayOfInputFields[$j];
            $currentInputIdOfForm = $currentInput->getIdOfForm();
            $currentInputNameOfForm = $currentInput->getNameOfForm();
            $currentInputFormNum = $currentInput->getFormNum();
开发者ID:3nj0y,项目名称:webvulscan,代码行数:67,代码来源:testAuthenticationSQLi.php

示例5: SendAPIRequest


//.........这里部分代码省略.........
             $arguments['Body'] = isset($options['RequestBody']) ? $options['RequestBody'] : json_encode($parameters);
             break;
         default:
             if (!isset($options['RequestBody'])) {
                 if (isset($options['RequestContentType'])) {
                     return $this->SetError('it was not specified the body value of the of the API call request');
                 }
                 break;
             }
             $arguments['Headers']['Content-Type'] = $options['RequestContentType'];
             $arguments['Body'] = $options['RequestBody'];
             break;
     }
     $arguments['Headers']['Accept'] = isset($options['Accept']) ? $options['Accept'] : '*/*';
     switch ($authentication = isset($options['AccessTokenAuthentication']) ? strtolower($options['AccessTokenAuthentication']) : '') {
         case 'basic':
             $arguments['Headers']['Authorization'] = 'Basic ' . base64_encode($this->client_id . ':' . ($this->get_token_with_api_key ? $this->api_key : $this->client_secret));
             break;
         case '':
             if (strlen($authorization)) {
                 $arguments['Headers']['Authorization'] = $authorization;
             }
             break;
         default:
             return $this->SetError($authentication . ' is not a supported authentication mechanism to retrieve an access token');
     }
     if (isset($options['RequestHeaders'])) {
         $arguments['Headers'] = array_merge($arguments['Headers'], $options['RequestHeaders']);
     }
     if (strlen($error = $http->SendRequest($arguments)) || strlen($error = $http->ReadReplyHeaders($headers))) {
         $http->Close();
         return $this->SetError('it was not possible to retrieve the ' . $options['Resource'] . ': ' . $error);
     }
     $error = $http->ReadWholeReplyBody($data);
     $http->Close();
     if (strlen($error)) {
         return $this->SetError('it was not possible to access the ' . $options['Resource'] . ': ' . $error);
     }
     $this->response_status = intval($http->response_status);
     $content_type = isset($options['ResponseContentType']) ? $options['ResponseContentType'] : (isset($headers['content-type']) ? strtolower(trim(strtok($headers['content-type'], ';'))) : 'unspecified');
     $content_type = preg_replace('/^(.+\\/).+\\+(.+)$/', '\\1\\2', $content_type);
     switch ($content_type) {
         case 'text/javascript':
         case 'application/json':
             if (!function_exists('json_decode')) {
                 return $this->SetError('the JSON extension is not available in this PHP setup');
             }
             $object = json_decode($data);
             switch (GetType($object)) {
                 case 'object':
                     if (!isset($options['ConvertObjects']) || !$options['ConvertObjects']) {
                         $response = $object;
                     } else {
                         $response = array();
                         foreach ($object as $property => $value) {
                             $response[$property] = $value;
                         }
                     }
                     break;
                 case 'array':
                     $response = $object;
                     break;
                 default:
                     if (!isset($object)) {
                         return $this->SetError('it was not returned a valid JSON definition of the ' . $options['Resource'] . ' values');
                     }
开发者ID:sukanyamandal,项目名称:open,代码行数:67,代码来源:oauth_client.php

示例6: testDirectoryListingEnabled

function testDirectoryListingEnabled($urlToScan, $siteBeingTested, $testId, $crawlUrlFlag)
{
    connectToDb($db);
    updateStatus($db, "Testing for {$urlToScan} for Directory Listing enabled...", $testId);
    $log = new Logger();
    $log->lfile('logs/eventlogs');
    $log->lwrite("Testing for {$urlToScan} for Directory Listing enabled");
    if ($crawlUrlFlag) {
        //Perform crawl again but allow images, etc. this time to capture every URL
        $crawlerNew =& new MyCrawler();
        $crawlerNew->setURL($urlToScan);
        $crawlerNew->setTestId($testId);
        $crawlerNew->addReceiveContentType("/text\\/html/");
        $crawlerNew->setCookieHandling(true);
        $crawlerNew->setFollowMode(3);
        $log->lwrite("Crawling {$urlToScan} again for all links including images, css, etc, in order to identify directories");
        $crawlerNew->go();
        $urlsFound = $crawlerNew->urlsFound;
        $logStr = sizeof($urlsFound) . ' URLs found for test: ' . $testId;
        $log->lwrite("All URLs found during crawl for directory listing check:");
        foreach ($urlsFound as $currentUrl) {
            $log->lwrite($currentUrl);
        }
        $relativePathUrls = array();
        foreach ($urlsFound as $currentUrl) {
            $currentUrl = str_replace($urlToScan, '', $currentUrl);
            array_push($relativePathUrls, $currentUrl);
        }
        $directories = array();
        //Check if relative path contain a directory and if they do, add it to a list of directories
        foreach ($relativePathUrls as $relativePathUrl) {
            if (dirname($relativePathUrl) != '.') {
                $dir = dirname($relativePathUrl);
                if (!in_array($dir, $directories) && !empty($dir) && !strpos($dir, '?')) {
                    array_push($directories, $dir);
                    $log->lwrite("Found directory {$dir}");
                }
            }
        }
    } else {
        $directories = array(1);
    }
    //Just need to make an array of size one so the for loop below iterates once
    $http = new http_class();
    $http->timeout = 0;
    $http->data_timeout = 0;
    //$http->debug=1;
    $http->user_agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)";
    $http->follow_redirect = 1;
    $http->redirection_limit = 5;
    $http->setTestId($testId);
    //Regular expressions that will indicate directory listing is enabled
    $regexs = array("/Parent Directory/", "/\\bDirectory Listing\\b.*(Tomcat|Apache)/", "/Parent directory/", "/\\bDirectory\\b/", "/[\\s<]+IMG\\s*=/");
    //General
    foreach ($directories as $directory) {
        if ($crawlUrlFlag) {
            $testUrl = $urlToScan . $directory . '/';
        } else {
            $testUrl = $siteBeingTested;
        }
        $error = $http->GetRequestArguments($testUrl, $arguments);
        $error = $http->Open($arguments);
        $log->lwrite("URL to be requested is: {$testUrl}");
        if ($error == "") {
            $log->lwrite("Sending HTTP request to {$testUrl}");
            $error = $http->SendRequest($arguments);
            if ($error == "") {
                $headers = array();
                $error = $http->ReadReplyHeaders($headers);
                if ($error == "") {
                    $responseCode = $http->response_status;
                    //This is a string
                    $log->lwrite("Received response code: {$responseCode}");
                    if (intval($responseCode) >= 200 && intval($responseCode) < 300) {
                        $vulnerabilityFound = false;
                        $error = $http->ReadWholeReplyBody($body);
                        if (strlen($error) == 0) {
                            $indicatorStr = '';
                            if (preg_match($regexs[0], $body)) {
                                $vulnerabilityFound = true;
                                $indicatorStr = $regexs[0];
                            } else {
                                if (preg_match($regexs[1], $body)) {
                                    $vulnerabilityFound = true;
                                    $indicatorStr = $regexs[1];
                                } else {
                                    if (preg_match($regexs[2], $body)) {
                                        $vulnerabilityFound = true;
                                        $indicatorStr = $regexs[2];
                                    } else {
                                        if (preg_match($regexs[3], $body)) {
                                            if (preg_match($regexs[4], $body)) {
                                                $vulnerabilityFound = true;
                                                $indicatorStr = $regexs[3] . ' and ' . $regexs[4];
                                            }
                                        }
                                    }
                                }
                            }
                            if ($vulnerabilityFound) {
//.........这里部分代码省略.........
开发者ID:3nj0y,项目名称:webvulscan,代码行数:101,代码来源:testDirectoryListingEnabled.php

示例7: testForReflectedXSS

function testForReflectedXSS($urlToCheck, $urlOfSite, $testId)
{
    connectToDb($db);
    updateStatus($db, "Testing {$urlToCheck} for Reflected Cross-Site Scripting...", $testId);
    $log = new Logger();
    $log->lfile('logs/eventlogs');
    $log->lwrite("Starting Reflected XXS test function on {$urlToCheck}");
    $postUrl = $urlToCheck;
    $postUrlPath = parse_url($postUrl, PHP_URL_PATH);
    //Check URL is not responding with 5xx codes
    $log->lwrite("Checking what response code is received from {$urlToCheck}");
    $http = new http_class();
    $http->timeout = 0;
    $http->data_timeout = 0;
    //$http->debug=1;
    $http->user_agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)";
    $http->follow_redirect = 1;
    $http->redirection_limit = 5;
    $http->setTestId($testId);
    $error = $http->GetRequestArguments($urlToCheck, $arguments);
    $error = $http->Open($arguments);
    $log->lwrite("URL to be requested is: {$urlToCheck}");
    if ($error == "") {
        $log->lwrite("Sending HTTP request to {$urlToCheck}");
        $error = $http->SendRequest($arguments);
        if ($error == "") {
            $headers = array();
            $error = $http->ReadReplyHeaders($headers);
            if ($error == "") {
                $responseCode = $http->response_status;
                //This is a string
                $log->lwrite("Received response code: {$responseCode}");
                if (intval($responseCode) >= 500 && intval($responseCode) < 600) {
                    $log->lwrite("Response code: {$responseCode} received from: {$urlToCheck}");
                    return;
                }
            }
        }
        $http->Close();
    }
    if (strlen($error)) {
        echo "<H2 align=\"center\">Error: ", $error, "</H2>\n";
        $log->lwrite("Error: {$error}");
    }
    $html = file_get_html($postUrl, $testId);
    if (empty($html)) {
        //This can happen due to file_get_contents returning a 500 code. Then the parser won't parse it
        $log->lwrite("Problem getting contents from {$urlToCheck}");
        return;
    }
    //Submit these
    //If adding string to this array, add a corresponding string (to look for in response), with he same index, in the array below
    //The response to look for can be the same as the payload or different.
    $payloads = array('<webvulscan>', 'javascript:alert(webvulscan)');
    //Look for these in response after submitting corresponding payload
    $harmfulResponses = array('<webvulscan>', 'src="javascript:alert(webvulscan)"');
    //First check does the URL passed into this function contain parameters and submit payloads as those parameters if it does
    $parsedUrl = parse_url($urlToCheck);
    $log->lwrite("Check if {$urlToCheck} contains parameters");
    if ($parsedUrl) {
        if (isset($parsedUrl['query'])) {
            $log->lwrite("{$urlToCheck} does contain parameters");
            $scheme = $parsedUrl['scheme'];
            $host = $parsedUrl['host'];
            $path = $parsedUrl['path'];
            $query = $parsedUrl['query'];
            parse_str($query, $parameters);
            $originalQuery = $query;
            $payloadIndex = 0;
            foreach ($payloads as $currentPayload) {
                $http = new http_class();
                $http->timeout = 0;
                $http->data_timeout = 0;
                //$http->debug=1;
                $http->user_agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)";
                $http->follow_redirect = 1;
                $http->redirection_limit = 5;
                $http->setTestId($testId);
                foreach ($parameters as $para) {
                    $query = $originalQuery;
                    $newQuery = str_replace($para, $currentPayload, $query);
                    $query = $newQuery;
                    $testUrl = $scheme . '://' . $host . $path . '?' . $query;
                    $log->lwrite("URL to be requested is: {$testUrl}");
                    $error = $http->GetRequestArguments($testUrl, $arguments);
                    $error = $http->Open($arguments);
                    echo "<br>Sending HTTP request to " . htmlspecialchars($testUrl) . "<br>";
                    if ($error == "") {
                        $log->lwrite("Sending HTTP request to {$testUrl}");
                        $error = $http->SendRequest($arguments);
                        if ($error == "") {
                            $headers = array();
                            $error = $http->ReadReplyHeaders($headers);
                            if ($error == "") {
                                $error = $http->ReadWholeReplyBody($body);
                                if (strlen($error) == 0) {
                                    $indicatorStr = $harmfulResponses[$payloadIndex];
                                    if (stripos($body, $indicatorStr)) {
                                        echo '<br>Reflected XSS Present!<br>Query: ' . HtmlSpecialChars($urlToCheck) . '<br>';
                                        echo 'Method: GET <br>';
//.........这里部分代码省略.........
开发者ID:3nj0y,项目名称:webvulscan,代码行数:101,代码来源:testForReflectedXSS.php

示例8: TRB_detectTrackbackUrl

/**
 * Attempt to auto-detect the Trackback URL of a post.
 *
 * @param    string $url URL of post with embedded RDF for the Trackback URL
 * @return   mixed           Trackback URL, or false on error
 *                       Note: The RDF, if found, is only parsed using a regular expression. Using
 *                       the XML parser may be more successful on some occassions ...
 */
function TRB_detectTrackbackUrl($url)
{
    $retval = false;
    $http = new http_class();
    $http->timeout = 0;
    $http->data_timeout = 0;
    $http->debug = 0;
    $http->html_debug = 0;
    $http->user_agent = 'glFusion/' . GVERSION;
    $error = $http->GetRequestArguments($url, $arguments);
    $error = $http->Open($arguments);
    $error = $http->SendRequest($arguments);
    if ($error == "") {
        $http->ReadReplyHeaders($headers);
        if ($http->response_status == 200) {
            $error = $http->ReadWholeReplyBody($page);
            if ($error != "" && strlen($body) === 0) {
                COM_errorLog("Trackback Detect TRB URL: unable to retrieve response body");
                return false;
            }
        } else {
            COM_errorLog("Trackback Detect TRB URL: Got HTTP response code " . $http->response_status . " when requesting " . $url);
            return false;
        }
    } else {
        COM_errorLog("Trackback Detect TRB URL: " . $error . " when requesting " . $url);
        return false;
    }
    // search for the RDF first
    $startPos = strpos($page, '<rdf:RDF ');
    if ($startPos !== false) {
        $endPos = strpos($page, '</rdf:RDF>', $startPos);
        $endPos += strlen('</rdf:RDF>');
        $rdf = substr($page, $startPos, $endPos - $startPos);
        // Okay, we COULD fire up the XML parser now. But then again ...
        if (preg_match('/trackback:ping="(.*)"/', $rdf, $matches) == 1) {
            if (!empty($matches[1])) {
                $retval = $matches[1];
            }
        }
    }
    // no luck with the RDF? try searching for a rel="trackback" link
    if ($retval === false) {
        // remove all linefeeds first to help the regexp below
        $page = str_replace(array("\r", "\n"), '', $page);
        preg_match_all("/<a[^>]*href=[\"']([^\"']*)[\"'][^>]*>(.*?)<\\/a>/i", $page, $matches);
        for ($i = 0; $i < count($matches[0]); $i++) {
            $link = $matches[0][$i];
            if (strpos($link, 'rel="trackback"') !== false) {
                $retval = $matches[1][$i];
                break;
            }
        }
    }
    return $retval;
}
开发者ID:spacequad,项目名称:glfusion,代码行数:64,代码来源:lib-trackback.php

示例9: SendAPIRequest


//.........这里部分代码省略.........
         $arguments['PostFiles'] = $post_files;
     }
     $arguments['RequestMethod'] = $method;
     switch ($type) {
         case 'application/x-www-form-urlencoded':
         case 'multipart/form-data':
             if (isset($options['RequestBody'])) {
                 return $this->SetError('the request body is defined automatically from the parameters');
             }
             $arguments['PostValues'] = $post_values;
             break;
         case 'application/json':
             $arguments['Headers']['Content-Type'] = $options['RequestContentType'];
             if (!isset($options['RequestBody'])) {
                 $arguments['Body'] = json_encode($parameters);
                 break;
             }
             if (!isset($options['RequestBody'])) {
                 return $this->SetError('it was not specified the body value of the of the API call request');
             }
             $arguments['Headers']['Content-Type'] = $options['RequestContentType'];
             $arguments['Body'] = $options['RequestBody'];
             break;
     }
     $arguments['Headers']['Accept'] = isset($options['Accept']) ? $options['Accept'] : '*/*';
     switch (isset($options['AccessTokenAuthentication']) ? strtolower($options['AccessTokenAuthentication']) : '') {
         case 'basic':
             $arguments['Headers']['Authorization'] = 'Basic ' . base64_encode($this->client_id . ':' . ($this->get_token_with_api_key ? $this->api_key : $this->client_secret));
             break;
         case '':
             if (strlen($authorization)) {
                 $arguments['Headers']['Authorization'] = $authorization;
             }
             break;
         default:
             return $this->SetError($this->access_token_authentication . ' is not a supported authentication mechanism to retrieve an access token');
     }
     if (strlen($error = $http->SendRequest($arguments)) || strlen($error = $http->ReadReplyHeaders($headers))) {
         $http->Close();
         return $this->SetError('it was not possible to retrieve the ' . $options['Resource'] . ': ' . $error);
     }
     $error = $http->ReadWholeReplyBody($data);
     $http->Close();
     if (strlen($error)) {
         return $this->SetError('it was not possible to access the ' . $options['Resource'] . ': ' . $error);
     }
     $this->response_status = intval($http->response_status);
     $content_type = isset($options['ResponseContentType']) ? $options['ResponseContentType'] : (isset($headers['content-type']) ? strtolower(trim(strtok($headers['content-type'], ';'))) : 'unspecified');
     switch ($content_type) {
         case 'text/javascript':
         case 'application/json':
             if (!function_exists('json_decode')) {
                 return $this->SetError('the JSON extension is not available in this PHP setup');
             }
             $object = json_decode($data);
             switch (GetType($object)) {
                 case 'object':
                     if (!isset($options['ConvertObjects']) || !$options['ConvertObjects']) {
                         $response = $object;
                     } else {
                         $response = array();
                         foreach ($object as $property => $value) {
                             $response[$property] = $value;
                         }
                     }
                     break;
                 case 'array':
                     $response = $object;
                     break;
                 default:
                     if (!isset($object)) {
                         return $this->SetError('it was not returned a valid JSON definition of the ' . $options['Resource'] . ' values');
                     }
                     $response = $object;
                     break;
             }
             break;
         case 'application/x-www-form-urlencoded':
         case 'text/plain':
         case 'text/html':
             parse_str($data, $response);
             break;
         default:
             $response = $data;
             break;
     }
     if ($this->response_status >= 200 && $this->response_status < 300) {
         $this->access_token_error = '';
     } else {
         $this->access_token_error = 'it was not possible to access the ' . $options['Resource'] . ': it was returned an unexpected response status ' . $http->response_status . ' Response: ' . $data;
         if ($this->debug) {
             $this->OutputDebug('Could not retrieve the OAuth access token. Error: ' . $this->access_token_error);
         }
         if (isset($options['FailOnAccessError']) && $options['FailOnAccessError']) {
             $this->error = $this->access_token_error;
             return false;
         }
     }
     return true;
 }
开发者ID:andersonribert,项目名称:oauth_lib,代码行数:101,代码来源:oauth_client.php

示例10: testUnvalidatedRedirects

function testUnvalidatedRedirects($arrayOfUrls, $testId)
{
    connectToDb($db);
    updateStatus($db, "Testing all URLs for Unvalidated Redirects...", $testId);
    $log = new Logger();
    $log->lfile('logs/eventlogs');
    $log->lwrite("Starting Unvalidated Redirects test function on all URLs");
    $http = new http_class();
    $http->timeout = 0;
    $http->data_timeout = 0;
    //$http->debug=1;
    $http->user_agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)";
    $http->follow_redirect = 0;
    $http->setTestId($testId);
    //Identify which URLs, if any, cause redirects
    $log->lwrite("Identifying which URLs, if any, cause redirects");
    updateStatus($db, "Identifying which URLs, if any, cause redirects...", $testId);
    $potentiallyVulnUrls = array();
    foreach ($arrayOfUrls as $currentUrl) {
        $error = $http->GetRequestArguments($currentUrl, $arguments);
        $error = $http->Open($arguments);
        $log->lwrite("URL to be requested is: {$currentUrl}");
        if ($error == "") {
            $log->lwrite("Sending HTTP request to {$currentUrl}");
            $error = $http->SendRequest($arguments);
            if ($error == "") {
                $headers = array();
                $error = $http->ReadReplyHeaders($headers);
                if ($error == "") {
                    $responseCode = $http->response_status;
                    //This is a string
                    $log->lwrite("Received response code: {$responseCode}");
                    if (intval($responseCode) >= 300 && intval($responseCode) < 400) {
                        array_push($potentiallyVulnUrls, $currentUrl);
                    }
                }
            }
            $http->Close();
        }
        if (strlen($error)) {
            echo "<H2 align=\"center\">Error: ", $error, "</H2>\n";
            $log->lwrite("Error: {$error}");
        }
    }
    $log->lwrite("Potentially Vulnerable URLs:");
    foreach ($potentiallyVulnUrls as $currentUrl) {
        $log->lwrite("{$currentUrl}");
    }
    updateStatus($db, "Beginning testing each potentially vulnerable URL for unvalidated redirects ...", $testId);
    $redirectDomain = 'www.whatismyip.com';
    foreach ($potentiallyVulnUrls as $currentUrl) {
        updateStatus($db, "Testing {$currentUrl} for Unvalidated Redirects...", $testId);
        $log->lwrite("Testing {$currentUrl} for unvalidated redirects");
        echo "<br>Testing: {$currentUrl} <br>";
        $parsedUrl = parse_url($currentUrl);
        $query = $parsedUrl['query'];
        $parameters = array();
        parse_str($query, $parameters);
        $newQuery = '';
        $query = urldecode($query);
        $originalQuery = $query;
        if ($parsedUrl) {
            foreach ($parameters as $para) {
                $query = $originalQuery;
                if (stripos($para, 'http') || stripos($para, 'www')) {
                    if (stripos($para, 'http') === 0) {
                        $newRedirectDomain = 'http://' . $redirectDomain;
                        $newQuery = str_replace($para, $newRedirectDomain, $query);
                        $query = $newQuery;
                        $newRedirectDomain = '';
                    } else {
                        if (stripos($para, 'www') === 0 && !strpos($para, 'http') === 0) {
                            $newQuery = str_replace($para, $redirectDomain, $query);
                            $query = $newQuery;
                        }
                    }
                } else {
                    $newRedirectDomain = 'http://' . $redirectDomain;
                    $newQuery = str_replace($para, $newRedirectDomain, $query);
                    $query = $newQuery;
                    $newRedirectDomain = '';
                }
                $scheme = $parsedUrl['scheme'];
                $host = $parsedUrl['host'];
                $path = $parsedUrl['path'];
                $testUrl = $scheme . '://' . $host . $path . '?' . $newQuery;
                $log->lwrite("URL to be requested is: {$testUrl}");
                $error = $http->GetRequestArguments($testUrl, $arguments);
                $error = $http->Open($arguments);
                if ($error == "") {
                    $log->lwrite("Sending HTTP request to {$testUrl}");
                    $error = $http->SendRequest($arguments);
                    if ($error == "") {
                        $headers = array();
                        $error = $http->ReadReplyHeaders($headers);
                        if ($error == "") {
                            $error = $http->ReadWholeReplyBody($body);
                            if (strlen($error) == 0) {
                                //Check if the location in the HTTP response is the URL added as a parameter
                                //If it is this would cause the browser to redirect to the parameter, therefore the vulnerability is present
//.........这里部分代码省略.........
开发者ID:3nj0y,项目名称:webvulscan,代码行数:101,代码来源:testUnvalidatedRedirects.php

示例11: testForSQLi

function testForSQLi($urlToCheck, $urlOfSite, $testId)
{
    connectToDb($db);
    updateStatus($db, "Testing {$urlToCheck} for SQL Injection...", $testId);
    $log = new Logger();
    $log->lfile('logs/eventlogs');
    $log->lwrite("Starting SQL Injection test function on {$urlToCheck}");
    $postUrl = $urlToCheck;
    $postUrlPath = parse_url($postUrl, PHP_URL_PATH);
    //Check URL is not responding with 5xx codes
    $log->lwrite("Checking what response code is received from {$urlToCheck}");
    $http = new http_class();
    $http->timeout = 0;
    $http->data_timeout = 0;
    //$http->debug=1;
    $http->user_agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)";
    $http->follow_redirect = 1;
    $http->redirection_limit = 5;
    $http->setTestId($testId);
    $error = $http->GetRequestArguments($urlToCheck, $arguments);
    $error = $http->Open($arguments);
    $log->lwrite("URL to be requested is: {$urlToCheck}");
    if ($error == "") {
        $log->lwrite("Sending HTTP request to {$urlToCheck}");
        $error = $http->SendRequest($arguments);
        if ($error == "") {
            $headers = array();
            $error = $http->ReadReplyHeaders($headers);
            if ($error == "") {
                $responseCode = $http->response_status;
                //This is a string
                $log->lwrite("Received response code: {$responseCode}");
                if (intval($responseCode) >= 500 && intval($responseCode) < 600) {
                    $log->lwrite("Response code: {$responseCode} received from: {$urlToCheck}");
                    return;
                }
            }
        }
        $http->Close();
    }
    if (strlen($error)) {
        echo "<H2 align=\"center\">Error: ", $error, "</H2>\n";
        $log->lwrite("Error: {$error}");
    }
    $html = file_get_html($postUrl, $testId);
    if (empty($html)) {
        //This can happen due to file_get_contents returning a 500 code. Then the parser won't parse it
        updateStatus($db, "Problem getting contents from {$urlToCheck}...", $testId);
        $log->lwrite("Problem getting contents from {$urlToCheck}");
        return;
    }
    $log->lwrite("Successfully got contents from {$urlToCheck}");
    //Defintion of all payloads used and warnings to examine for
    $arrayOfPayloads = array("'", '"', ';', ')', '(', '.', '--');
    //specified in webfuzz library (lib.webfuzz.js) from WebSecurify
    //From lib.webfuzz, some added by myself
    //The function checks for these errors after a payload is submitted
    $arrayOfSQLWarnings = array("supplied argument is not a valid MySQL", "mysql_fetch_array\\(\\)", "on MySQL result index", "You have an error in your SQL syntax;", "You have an error in your SQL syntax near", "MySQL server version for the right syntax to use", "\\[MySQL\\]\\[ODBC", "Column count doesn't match", "the used select statements have different number of columns", "Table '[^']+' doesn't exist", "DB Error: unknown error", ":[\\s]*mysql", "mysql_fetch", "System\\.Data\\.OleDb\\.OleDbException", "\\[SQL Server\\]", "\\[Microsoft\\]\\[ODBC SQL Server Driver\\]", "\\[SQLServer JDBC Driver\\]", "\\[SqlException", "System.Data.SqlClient.SqlException", "Unclosed quotation mark after the character string", "'80040e14'", "mssql_query\\(\\)", "odbc_exec\\(\\)", "Microsoft OLE DB Provider for ODBC Drivers", "Microsoft OLE DB Provider for SQL Server", "Incorrect syntax near", "Syntax error in string in query expression", "ADODB\\.Field \\(0x800A0BCD\\)<br>", "Procedure '[^']+' requires parameter '[^']+'", "ADODB\\.Recordset'", "Microsoft SQL Native Client error", "Unclosed quotation mark after the character string", "SQLCODE", "DB2 SQL error:", "SQLSTATE", "Sybase message:", "Syntax error in query expression", "Data type mismatch in criteria expression.", "Microsoft JET Database Engine", "\\[Microsoft\\]\\[ODBC Microsoft Access Driver\\]", "(PLS|ORA)-[0-9][0-9][0-9][0-9]", "PostgreSQL query failed:", "supplied argument is not a valid PostgreSQL result", "pg_query\\(\\) \\[:", "pg_exec\\(\\) \\[:", "com\\.informix\\.jdbc", "Dynamic Page Generation Error:", "Dynamic SQL Error", "\\[DM_QUERY_E_SYNTAX\\]", "has occurred in the vicinity of:", "A Parser Error \\(syntax error\\)", "java\\.sql\\.SQLException", "\\[Macromedia\\]\\[SQLServer JDBC Driver\\]");
    //First check does the URL passed into this function contain parameters and submit payloads as those parameters if it does
    $parsedUrl = parse_url($urlToCheck);
    $log->lwrite("Check if {$urlToCheck} contains parameters");
    if ($parsedUrl) {
        if (isset($parsedUrl['query'])) {
            $log->lwrite("{$urlToCheck} does contain parameters");
            $scheme = $parsedUrl['scheme'];
            $host = $parsedUrl['host'];
            $path = $parsedUrl['path'];
            $query = $parsedUrl['query'];
            parse_str($query, $parameters);
            $originalQuery = $query;
            foreach ($arrayOfPayloads as $currentPayload) {
                $http = new http_class();
                $http->timeout = 0;
                $http->data_timeout = 0;
                //$http->debug=1;
                $http->user_agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)";
                $http->follow_redirect = 1;
                $http->redirection_limit = 5;
                $http->setTestId($testId);
                foreach ($parameters as $para) {
                    $query = $originalQuery;
                    $newQuery = str_replace($para, $currentPayload, $query);
                    $query = $newQuery;
                    $testUrl = $scheme . '://' . $host . $path . '?' . $query;
                    $log->lwrite("URL to be requested is: {$testUrl}");
                    $error = $http->GetRequestArguments($testUrl, $arguments);
                    $error = $http->Open($arguments);
                    if ($error == "") {
                        $log->lwrite("Sending HTTP request to {$testUrl}");
                        $error = $http->SendRequest($arguments);
                        if ($error == "") {
                            $headers = array();
                            $error = $http->ReadReplyHeaders($headers);
                            if ($error == "") {
                                $error = $http->ReadWholeReplyBody($body);
                                if (strlen($error) == 0) {
                                    $vulnerabilityFound = false;
                                    for ($warningIndex = 0; $warningIndex < sizeof($arrayOfSQLWarnings); $warningIndex++) {
                                        $regularExpression = "/{$arrayOfSQLWarnings[$warningIndex]}/";
                                        if (preg_match($regularExpression, $body)) {
//.........这里部分代码省略.........
开发者ID:3nj0y,项目名称:webvulscan,代码行数:101,代码来源:testForSQLi.php


注:本文中的http_class::ReadWholeReplyBody方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。