Xss platform to build a small note

Take your grievances out to bask in the sun every day, and your mood will not be short of calcium.

I have built several xss platforms before and have used several sets of source code. In comparison, I still think that wuyun's xss.me source code is the easiest to use, even though it is older. Recently, because of work needs, I was ready to set up an xss platform again, and for the source code I decisively chose xss.me (after modification, of course). Source code blog: [http://www.bodkin.ren/?p=133](http://www.bodkin.ren/?p=133), thanks for sharing.

Building the xss platform is not complicated. I ran into some minor problems along the way, but they were quickly solved, and I am recording and sharing them here.

xss source download

  • [modified version](https://git.oschina.net/nMask/Resource/raw/master/xss.me.new.zip)
  • [Original](https://git.oschina.net/nMask/Resource/raw/master/xss.me.old.zip)

Install

First download the xss platform source code, then choose a server and install wamp. The reason for using wamp to build the environment is mainly to avoid the trouble of configuring apache and mysql, because the focus of this article is on the process of building the xss platform. (Experts can choose to install and configure apache separately on Linux.)

After the server environment is configured, put the xss source code in wamp's www directory and start wamp. If wamp is running normally, opening localhost/xss/ should show the login interface, but you cannot log in or register yet; several more configuration steps are needed.

apache configuration

Open wamp\bin\apache\apache2.4.9\conf\httpd.conf. So that the xss platform can be built without errors, set the website directory first:

Change c:/wamp/www/ to c:/wamp/www/xss/ and restart apache.

Now opening localhost shows the login page directly, without having to visit the localhost/xss/ path. If you have special needs and must use a secondary directory, then set the path configurations to the secondary directory, that is, add the directory name in front of the original path, such as /xss/index.php.

Database Configuration

Open localhost/phpmyadmin to enter the phpmyadmin management interface, add a user root with password 123456, and delete the other users for security reasons. Then add a database named poppy (the specific database name is written in the xss.sql file), and import the xss.sql file.

Change the domain name in the oc_module module: enter the oc_module table and execute the following sql statement, replacing the domain with your own. (This affects the generated xss poc.)

```sql
UPDATE oc_module SET code=REPLACE(code,'http://xsser.me','http://xxx.com');
```

Xss source configuration

After apache and database configuration, you need to configure the xss source.

config.php

Open the config.php file in the root directory, mainly look at the following configurations.

```php
/* Database connection */
$config['dbHost'] = 'localhost'; // database address
$config['dbUser'] = 'root'; // user
$config['dbPwd'] = '123456'; // password
$config['database'] = 'poppy'; // database name
$config['charset'] = 'utf8'; // database character set
$config['tbPrefix'] = 'oc_'; // table name prefix
$config['dbType'] = 'mysql'; // database type (currently only mysql is supported)
/* Registration configuration */
$config['register'] = 'invite'; // normal: open registration; invite: registration by invitation only; close: registration closed
$config['mailauth'] = false; // whether the mailbox is verified when registering
/* url configuration */
$config['urlroot'] = 'http://localhost'; // start of the access url
```

Modify the configuration as follows:

  • $config['database'] = 'poppy'; # change to match the database name (see the .sql file for the database name)
  • The database account and password can be changed or left unchanged.
  • $config['register'] = 'normal'; # change so that no invitation code is needed
  • $config['urlroot'] = 'http://localhost'; # change to the local address

Modify authtest.php

Modify the authtest.php file in the root directory and change the domain in it to your own domain name or ip.

```php
else if ((isset($_SERVER['PHP_AUTH_USER'])) && (isset($_SERVER['PHP_AUTH_PW']))) {
    /* the variables are set, check whether they are correct */
    header("Location: http://xxx.com/index.php?do=api&id={$_GET['id']}&username={$_SERVER['PHP_AUTH_USER']}&password={$_SERVER['PHP_AUTH_PW']}");
}
```

After modifying the configuration, open localhost and register an account. After registration, a new record is added to the oc_user table. Manually change its adminlevel to 1 (that is, administrator permission, which allows issuing invitation codes).

After completing the above steps, the platform is almost ready to use. If you run into other problems, read on.

Xss_Url 404 problem

The problem: when visiting an auto-generated xss_poc address such as

http://xxx.com/y42f59?1489555427

a 404 error occurs because the url rewrite does not take effect, which is mainly a middleware configuration problem. The following are solutions for the apache and iis middleware.

apache solution

First add the .htaccess file to the root of the website. The contents of the file are as follows:

```apache
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^([0-9a-zA-Z]{6})$ /index.php?do=code&urlKey=$1 [L]
RewriteRule ^do/auth/(\w+?)(/domain/([\w\.]+?))?$ /index.php?do=do&auth=$1&domain=$3 [L]
RewriteRule ^register/(.*?)$ /index.php?do=register&key=$1 [L]
RewriteRule ^register-validate/(.*?)$ /index.php?do=register&act=validate&key=$1 [L]
</IfModule>
```

Note: If the website is accessed by domain name + directory, such as www.xxx.com/xss/, put the directory in front of /index.php in the code above, i.e. /xss/index.php.

Then modify the apache configuration file to allow url rewriting. Change

```apache
AllowOverride None
```

to

```apache
AllowOverride All
```

In this way, apache will match the url rewrite rules according to the .htaccess file in the root directory.

After completing the above two configurations, visiting an address like this one displays the xss_poc (js) content:

http://xxx.com/y42f59?1489555427

At the time of writing, I was testing under Windows. The configuration method under Linux should be the same.
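The rewrite rules above can be checked offline before touching the server. The following is an added example, not part of the original post or of the xss.me source: it mirrors the four rules in Python to show which request paths are handed to index.php and which fall through to a 404. The function name `rewrite` and its `app_dir` parameter are names introduced here.

```python
import re
from urllib.parse import urlsplit

# Patterns are the four RewriteRule lines from the .htaccess above; targets
# are kept relative so app_dir (the /xss/ prefix from the note) is prepended.
RULES = [
    (r"^([0-9a-zA-Z]{6})$", "index.php?do=code&urlKey=$1"),
    (r"^do/auth/(\w+?)(/domain/([\w\.]+?))?$",
     "index.php?do=do&auth=$1&domain=$3"),
    (r"^register/(.*?)$", "index.php?do=register&key=$1"),
    (r"^register-validate/(.*?)$",
     "index.php?do=register&act=validate&key=$1"),
]


def rewrite(url, app_dir="/"):
    """Return the internal target a request is rewritten to, or None.

    app_dir is the URL directory that holds .htaccess ("/" or "/xss/").
    None means no rule matched: Apache then looks for a real file and
    answers 404 if there is none, as it does when the rules are ignored.
    """
    path = urlsplit(url).path
    if not path.startswith(app_dir):
        return None
    # In .htaccess context the pattern is matched against the path relative
    # to that directory: no leading slash and no query string.
    relative = path[len(app_dir):]
    for pattern, target in RULES:
        match = re.search(pattern, relative, re.ASCII)
        if match is None:
            continue
        # $N back-references; an unmatched optional group expands to "".
        expanded = re.sub(r"\$(\d)",
                          lambda ref: match.group(int(ref.group(1))) or "",
                          target)
        # The target carries its own query string and the rules have no QSA
        # flag, so the request's query string (?1489555427) is dropped.
        return app_dir + expanded  # [L]: the first matching rule wins
    return None


if __name__ == "__main__":
    # Constructed sample requests, using the placeholder host from the post.
    for sample, base in [("http://xxx.com/y42f59?1489555427", "/"),
                         ("http://xxx.com/y42f5", "/"),
                         ("http://xxx.com/do/auth/abc123", "/"),
                         ("http://xxx.com/xss/y42f59", "/xss/")]:
        print(sample, "->", rewrite(sample, base))
```

A path that returns None here will still 404 after AllowOverride is fixed, which separates a rule mismatch from a server that is ignoring .htaccess.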

iis solution

Reference: [http://www.bodkin.ren/?p=133](http://www.bodkin.ren/?p=133)

Email SMS Settings

  • Modify line 257 of \source\function.php: change the password of the mailbox account inside, and change the host to smtp.xx.com, such as smtp.qq.com.
  • Fetion SMS reminder function: modify the mobile phone number on line 72 of \source\api.php; it may only support mobile phone numbers.

Other issues in the old version

The new source does not need the following modifications; the old version may need them.

Modify registration page submit button

Modify the contents of themes\default\templates\register.html:

```html
<input id="btnRegister" type="button" onclick="Register()" value="Submit registration" />
```

change into

```html
<input id="btnRegister" type="submit" value="Submit registration" />
```

Invitation code generation

(1) Comment out the permission control on lines 10 and 50 of the file source\user.php:

```php
//if($user->userId<=0) ShowError('Not logged in or timed out', $url['login'], 'Re-login');
//if($user->adminLevel<=0) ShowError('no operation permission', URL_ROOT.'/index.php?do=user&act=invite');
```

Then visit /index.php?do=user&act=invite to generate a verification code.

(2) Register a test user, enter the database, change the user's adminLevel to 1, then remove the comments added in (1), and add the permission control in the case 'invite' branch:

```php
if($user->adminLevel<=0) ShowError('no operation permission', URL_ROOT.'/index.php');
```

(3) Or open normal registration by modifying line 18 of the file /config.php:

```php
$config['register']='invite'; // normal: open registration; invite: registration by invitation only; close: registration closed
```

Delete cookies

Modify the Delete() and MultiDelete() functions in the file themes\default\templates\project_view.html, changing the URL of the post to

```js
'/xss/index.php?do=project&act=delcontent&r='
```

That is, add '/xss' to the front based on the actual server path.

source\class\user.class.php

```php
$this->db->Execute("UPDATE ".$this->tbUser." SET loginTime='".time()."'");
```

change into

```php
$this->db->Execute("UPDATE ".$this->tbUser." SET loginTime='".time()."' where id={$row['id']}");
```

Modify the jump prompt time

```js
setTimeout("location.href='{$notice.turnto}'",3000);
```

change into

```js
setTimeout("location.href='{$notice.turnto}'",500);
```

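Article title: Xss platform to build a small note

Author: nmask

Published: March 15, 2017 - 14:03

Last updated: August 16, 2019 - 15:08

Original link: https://thief.one/2017/03/15/Xss platform to build a small note/

License: Attribution-NonCommercial-NoDerivatives 4.0 International. Please keep the original link and author when reposting.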
