commit 19ad5406e1dedfbfab98b4d4a2dee00e0724dd41 Author: kindle <82163261@qq.com> Date: Sat Mar 23 18:14:21 2013 +0800 init diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..412eeda --- /dev/null +++ b/.gitattributes @@ -0,0 +1,22 @@ +# Auto detect text files and perform LF normalization +* text=auto + +# Custom for Visual Studio +*.cs diff=csharp +*.sln merge=union +*.csproj merge=union +*.vbproj merge=union +*.fsproj merge=union +*.dbproj merge=union + +# Standard to msysgit +*.doc diff=astextplain +*.DOC diff=astextplain +*.docx diff=astextplain +*.DOCX diff=astextplain +*.dot diff=astextplain +*.DOT diff=astextplain +*.pdf diff=astextplain +*.PDF diff=astextplain +*.rtf diff=astextplain +*.RTF diff=astextplain diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..5ebd21a --- /dev/null +++ b/.gitignore @@ -0,0 +1,163 @@ +################# +## Eclipse +################# + +*.pydevproject +.project +.metadata +bin/ +tmp/ +*.tmp +*.bak +*.swp +*~.nib +local.properties +.classpath +.settings/ +.loadpath + +# External tool builders +.externalToolBuilders/ + +# Locally stored "Eclipse launch configurations" +*.launch + +# CDT-specific +.cproject + +# PDT-specific +.buildpath + + +################# +## Visual Studio +################# + +## Ignore Visual Studio temporary files, build results, and +## files generated by popular Visual Studio add-ons. + +# User-specific files +*.suo +*.user +*.sln.docstates + +# Build results +[Dd]ebug/ +[Rr]elease/ +*_i.c +*_p.c +*.ilk +*.meta +*.obj +*.pch +*.pdb +*.pgc +*.pgd +*.rsp +*.sbr +*.tlb +*.tli +*.tlh +*.tmp +*.vspscc +.builds +*.dotCover + +## TODO: If you have NuGet Package Restore enabled, uncomment this +#packages/ + +# Visual C++ cache files +ipch/ +*.aps +*.ncb +*.opensdf +*.sdf + +# Visual Studio profiler +*.psess +*.vsp + +# ReSharper is a .NET coding add-in +_ReSharper* + +# Installshield output folder +[Ee]xpress + +# DocProject is a documentation generator add-in +DocProject/buildhelp/ +DocProject/Help/*.HxT +DocProject/Help/*.HxC +DocProject/Help/*.hhc +DocProject/Help/*.hhk +DocProject/Help/*.hhp +DocProject/Help/Html2 +DocProject/Help/html + +# Click-Once directory +publish + +# Others +[Bb]in +[Oo]bj +sql +TestResults +*.Cache +ClientBin +stylecop.* +~$* +*.dbmdl +Generated_Code #added for RIA/Silverlight projects + +# Backup & report files from converting an old project file to a newer +# Visual Studio version. Backup files are not needed, because we have git ;-) +_UpgradeReport_Files/ +Backup*/ +UpgradeLog*.XML + + + +############ +## Windows +############ + +# Windows image file caches +Thumbs.db + +# Folder config file +Desktop.ini + + +############# +## Python +############# + +*.py[co] + +# Packages +*.egg +*.egg-info +dist +build +eggs +parts +bin +var +sdist +develop-eggs +.installed.cfg + +# Installer logs +pip-log.txt + +# Unit test / coverage reports +.coverage +.tox + +#Translations +*.mo + +#Mr Developer +.mr.developer.cfg + +# Mac crap +.DS_Store diff --git a/waf.lua b/waf.lua new file mode 100644 index 0000000..f89d59c --- /dev/null +++ b/waf.lua @@ -0,0 +1,58 @@ +function log(method,url,data) +file=assert(io.open("/data/logs/hack/"..ngx.var.server_name.."_sec.log","a")) + if data then + if ngx.var.http_user_agent then + file:write(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \""..data.."\" \""..ngx.status.."\" \""..ngx.var.http_user_agent.."\"\n") + else + file:write(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \""..data.."\" \"-\"\n") + end + else + if ngx.var.http_user_agent then + file:write(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \"-\" \""..ngx.var.http_user_agent.."\"\n") + else + file:write(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \"-\" \"".."-\"\n") + end + end +file:close() +end +function check() + ngx.header.content_type = "text/html" + ngx.print("just a joke hehe~ !!") + ngx.exit(200) +end +function read_rule(var) + file = io.open("/usr/local/nginx/conf/wafconf/"..var,"r") + t = {} + for line in file:lines() do + table.insert(t,line) + end + return(table.concat(t,"|")) +end +regex=read_rule('phpids') +get=read_rule('get') +post=read_rule('post') +agent=read_rule('user-agent') +whitelist=read_rule('whitelist') +if ngx.re.match(ngx.var.request_uri,whitelist,"i") then + return +elseif ngx.req.get_body_data() and ngx.re.match(ngx.req.get_body_data(),[[^(?!Content-Disposition: form-data;(.*)filename="(.*).(php|jsp|phtml)").*$]],"i") then + return +else + if ngx.re.match(ngx.unescape_uri(ngx.var.request_uri),regex.."|"..get,"isjo") then + log('GET',ngx.unescape_uri(ngx.var.request_uri)) + check() + elseif ngx.req.get_body_data() and ngx.re.match(ngx.unescape_uri(ngx.req.get_body_data()),regex,"isjo")then + log('POST',ngx.unescape_uri(ngx.var.request_uri),ngx.unescape_uri(ngx.req.get_body_data())) + check() +-- elseif ngx.req.get_headers()["Cookie"] and ngx.re.match(ngx.unescape_uri(ngx.req.get_headers()["Cookie"]),regex,"isjo")then +-- log('COOKIE',ngx.unescape_uri(ngx.var.request_uri),ngx.unescape_uri(ngx.req.get_headers()["Cookie"])) +-- check() + elseif ngx.var.http_user_agent and ngx.re.match(ngx.var.http_user_agent,regex.."|"..agent,"isjo") then + log('USER-AGENT',ngx.unescape_uri(ngx.var.request_uri)) + check() + elseif ngx.req.get_headers()['Acunetix-Aspect'] then + ngx.exit(400) + else + return + end +end diff --git a/wafconf/get b/wafconf/get new file mode 100644 index 0000000..a3aebec --- /dev/null +++ b/wafconf/get @@ -0,0 +1,29 @@ +injected_by_wvs +\.(bak|inc|old|mdb|sql|backup|java|class)$ +some-inexistent-website +boot\.ini +never_could_exist_file_nosec +SomeCustomInjectedHeader +((.*)/(attachments|js|upimg|images|css|uploadfiles|html|uploads|templets|static|template|data|inc|forumdata|upload|includes|cache|avatar)/(\\w+).(php|jsp)) +\/proc\/(\d+|self)\/environ +.htaccess +\<(iframe|script|body|img) +javascript\: +onmouseover\= +\.svn +ewebeditor +\.nsf +\.mdb +jmx-console +javascript\: +nosec\.txt +thisdoesnotexist +phpmyadmin +jsky_test\.txt +\$\{ +lang\.Runtime +getInputStream +getRuntime +\)\.exec\( +\(\' +\"\= diff --git a/wafconf/phpids b/wafconf/phpids new file mode 100644 index 0000000..a0798cc --- /dev/null +++ b/wafconf/phpids @@ -0,0 +1,37 @@ +order(.*)by(.*)\d +(?:alter\s*\w+.*character\s+set\s+\w+)|(";\s*waitfor\s+time\s+") +(?:%c0%ae\/) +\<\!ENTITY(.*)SYSTEM(.*)\> +(?:\Wselect.+\W*from)|((?:select|create|rename|truncate|alter|delete|update|insert|desc)\s*\(\s*space\s*\() +(?:(?:select|create|rename|truncate|alter|delete|update|insert|desc)\s+(?:(?:group_)concat|char|load_file)\s?\(?)|(?:end\s*\);)|("\s+regexp\W)|(?:[\s(]load_file\s*\() +(?i:(\%SYSTEMROOT\%)) +(?:merge.*using\s*\()|(execute\s*immediate\s*")|(?:\W+\d*\s*having\s*[^\s\-])|(?:match\s*[\w(),+-]+\s*against\s*\() +(?:\)|(?:) +(?:procedure\s+analyse\s*\()|(?:create\s+(procedure|function)\s*\w+\s*\(\s*\)\s*-)|(?:declare[^\w]+[@#]\s*\w+)|(exec\s*\(\s*@) +(?:[\s()]case\s*\()|(?:\)\s*like\s*\()|(?:having\s*[^\s]+\s*[^\w\s])|(?:if\s?\([\d\w]\s*[=<>~]) +(?:(select|;)\s+(?:benchmark|if|sleep)\s*?\(\s*\(?\s*\w+) +(?:select\s*pg_sleep)|(?:waitfor\s*delay\s?"+\s?\d)|(?:;\s*shutdown\s*(?:;|--|#|\/\*|{)) +(?:\sexec\s+xp_cmdshell)|(?:from\W+information_schema\W)|(?:(?:(?:current_)?user|database|schema|connection_id)\s*\([^\)]*)|(?:exec\s+master\.)|(?:union select @)|(?:union[\w(\s]*select)|(?:select.*\w?user\()|(?:into[\s+]+(?:dump|out)file\s*") +(?:(sleep\((\s*)(\d*)(\s*)\)|benchmark\((.*)\,(.*)\))) +(?:@.+=\s*\(\s*select)|(?:\d\s+group\s+by.+\()|(?:(?:;|#|--)\s*(?:drop|alter))|(?:(?:;|#|--)\s*(?:update|insert)\s*\w{2,}) +(?:\\u00[a-f0-9]{2})|(?:\\x0*[a-f0-9]{2})|(?:\\\d{2,3}) +(?:\w\.exe\??\s)|(?:\d\.\dx\|)|(?:%(?:c0\.|af\.|5c\.))|(?:\/(?:%2e){2}) +(?:%u(?:ff|00|e\d)\w\w) +(?:(union(.*)select(.*))) +(?:\wscript:|@import[^\w]|;base64|base64,)|(?:\w\s*\([\w\s]+,[\w\s]+,[\w\s]+,[\w\s]+,[\w\s]+,[\w\s]+\)) +\.\.\/ +substr\( +[\s\"'`;\/0-9\=]+on\w+\s*= +background\b\W*?:\W*?url|background-image\b\W*?:|behavior\b\W*?:\W*?url|-moz-binding\b|@import\b|expression\b\W*?\( +(fromcharcode|alert|eval)\s*\( +((?:=|U\s*R\s*L\s*\()\s*[^>]*\s*S\s*C\s*R\s*I\s*P\s*T\s*:|:|[\s\S]allowscriptaccess[\s\S]|[\s\S]data:text\/html[\s\S]|[\s\S]xlink:href[\s\S]|]*>[\s\S]*?|[\s\S]@import[\s\S]|]*>[\s\S]*?|]*>[\s\S]*?|]*>[\s\S]*?) +\<(iframe|script|body|img|layer) +(?i:(?:\A|[^\d])0x[a-f\d]{3,}[a-f\d]*)+ +(?i:(\!\=|\&\&|\|\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\s+between\s+0\s+and)|(?:is\s+null)|(like\s+null)|(?:(?:^|\W)in[+\s]*\([\s\d\"]+[^()]*\))|(?:xor|<>|rlike(?:\s+binary)?)|(?:regexp\s+binary)) +(?i:(?:m(?:s(?:ysaccessobjects|ysaces|ysobjects|ysqueries|ysrelationships|ysaccessstorage|ysaccessxml|ysmodules|ysmodules2|db)|aster\.\.sysdatabases|ysql\.db)|s(?:ys(?:\.database_name|aux)|chema(?:\W*\(|_name)|qlite(_temp)?_master)|d(?:atabas|b_nam)e\W*\(|information_schema|pg_(catalog|toast)|northwind|tempdb)) +(%0d|%0a) +phpinfo\( +(?:\((?:\W*?(?:objectc(?:ategory|lass)|homedirectory|[gu]idnumber|cn)\b\W*?=|[^\w\x80-\xFF]*?[\!\&\|][^\w\x80-\xFF]*?\()|\)[^\w\x80-\xFF]*?\([^\w\x80-\xFF]*?[\!\&\|]) +\<\!\-\-\W*?#\W*?(?:e(?:cho|xec)|printenv|include|cmd) +(?i:(\binclude\s*\([^)]*|mosConfig_absolute_path|_CONF\[path\]|_SERVER\[DOCUMENT_ROOT\]|GALLERY_BASEDIR|path\[docroot\]|appserv_root|config\[root_dir\])=(ht|f)tps?:\/\/) +(?:\b(?:\.(?:ht(?:access|passwd|group)|www_?acl)|global\.asa|httpd\.conf|boot\.ini)\b|\/etc\/) diff --git a/wafconf/post b/wafconf/post new file mode 100644 index 0000000..d1127d1 --- /dev/null +++ b/wafconf/post @@ -0,0 +1 @@ +\)\.exec\( \ No newline at end of file diff --git a/wafconf/user-agent b/wafconf/user-agent new file mode 100644 index 0000000..0e8447d --- /dev/null +++ b/wafconf/user-agent @@ -0,0 +1 @@ +.*(LWP::Simple|winhttp|clshttp|HTTrack|harvest|nsauditor|dirbuster|pangolin|nmap|sqlninja|grendel-scan|hydra|perl|HTMLParser|libwww|BBBike|sqlmap|w3af|owasp|Nikto|fimap|havij|PycURL|sae|zmeu|BabyKrokodil|python|netsparker).* diff --git a/wafconf/whitelist b/wafconf/whitelist new file mode 100644 index 0000000..982381f --- /dev/null +++ b/wafconf/whitelist @@ -0,0 +1 @@ +(^/app/MainServlet.jsp|^/app/Framework/Controls/DataGridToExcel.jsp|^/zcms/MainServlet.jsp|^/app/Application/VolRegister.zaction|^/app/Vol/VolCertificateDialog.jsp)