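#!/usr/bin/env python3
"""Widen the keyword list of the XSS "safe answer" heuristic in nonreg-master.php.

The target PHP file is patched by exact byte-string replacement: the line
that computes ``$_xss_ok`` is swapped for a version that accepts four more
keywords.  Because the match is byte-exact, any drift in the target line
(whitespace, quoting, a previous manual edit) makes the patch a no-op that
reports ``PATTERN_NOT_FOUND`` and exits 1.

Usage: ``nonreg-patch.py [PATH]``; PATH defaults to ``DEFAULT_PATH``.

Exit status: 0 when the file was patched or was already patched,
1 when the expected line was not found.
"""
from __future__ import annotations

import os
import sys
import tempfile

# File patched in place.  It lives under the web root, so its mode and
# owner are preserved when the patched copy is swapped in.
DEFAULT_PATH = "/var/www/html/api/nonreg-master.php"

# Widen the acceptable keywords for XSS safe test.
# NOTE(review): the PHP heuristic only checks that the answer is longer than
# 30 chars and mentions one of these substrings; adding 'javascript', 'html',
# 'code' and 'navigateur' makes it accept more answers, i.e. the test becomes
# more permissive, not stricter -- confirm that loosening is intended.
OLD = b"$_xss_ok = strlen($_xss_r)>30 && (stripos($_xss_r,'vulnrab')!==false || stripos($_xss_r,'vulnrabilit')!==false || stripos($_xss_r,'xss')!==false || stripos($_xss_r,'injection')!==false || stripos($_xss_r,'exemple')!==false || stripos($_xss_r,'script')!==false);"
NEW = b"$_xss_ok = strlen($_xss_r)>30 && (stripos($_xss_r,'vulnrab')!==false || stripos($_xss_r,'vulnrabilit')!==false || stripos($_xss_r,'xss')!==false || stripos($_xss_r,'injection')!==false || stripos($_xss_r,'exemple')!==false || stripos($_xss_r,'script')!==false || stripos($_xss_r,'javascript')!==false || stripos($_xss_r,'html')!==false || stripos($_xss_r,'code')!==false || stripos($_xss_r,'navigateur')!==false);"


def apply_patch(raw: bytes) -> bytes | None:
    """Return ``raw`` with the first occurrence of ``OLD`` replaced by ``NEW``.

    Returns ``None`` when ``OLD`` is absent so the caller can distinguish
    "nothing to do" from an empty file.  Only the first occurrence is
    replaced, matching the original one-shot ``replace(old, new, 1)``.
    """
    if OLD not in raw:
        return None
    return raw.replace(OLD, NEW, 1)


def write_atomic(path: str, data: bytes) -> None:
    """Replace the contents of ``path`` with ``data`` without a torn-write window.

    The data is written to a temporary file in the same directory, fsync'd,
    given the original file's permission bits (and owner, when we are allowed
    to set it), then renamed over ``path`` with ``os.replace``.  A crash at
    any point leaves either the old or the new file in place, never a
    truncated one -- the original ``open(path, "wb")`` truncated first and
    wrote second.

    Raises:
        OSError: if the file cannot be read, written or renamed.
    """
    directory = os.path.dirname(path) or "."
    original_stat = os.stat(path)
    fd, tmp_path = tempfile.mkstemp(dir=directory, prefix=".nonreg-patch-")
    try:
        with os.fdopen(fd, "wb") as tmp:
            tmp.write(data)
            tmp.flush()
            os.fsync(tmp.fileno())
        # mkstemp creates the file 0600; restore the web server's expected mode.
        os.chmod(tmp_path, original_stat.st_mode & 0o7777)
        try:
            os.chown(tmp_path, original_stat.st_uid, original_stat.st_gid)
        except (PermissionError, AttributeError):
            # Not root (owner stays the invoking user) or no chown on this OS.
            pass
        os.replace(tmp_path, path)
    except BaseException:
        # Do not leave a stray temp file next to the web root file.
        try:
            os.unlink(tmp_path)
        except FileNotFoundError:
            pass
        raise


def main(argv: list[str] | None = None) -> int:
    """Patch the file named by ``argv[0]`` (default ``DEFAULT_PATH``).

    Args:
        argv: command-line arguments without the program name; ``None``
            means ``sys.argv[1:]``.

    Returns:
        Process exit status: 0 on success or when the file already carries
        the new line, 1 when the expected line is not present.
    """
    args = sys.argv[1:] if argv is None else argv
    path = args[0] if args else DEFAULT_PATH

    with open(path, "rb") as f:
        raw = f.read()

    # Re-running the deploy step must not fail: OLD is not a substring of
    # NEW, so without this check a second run would report PATTERN_NOT_FOUND.
    if NEW in raw:
        print("ALREADY_PATCHED")
        return 0

    patched = apply_patch(raw)
    if patched is None:
        print("PATTERN_NOT_FOUND")
        return 1

    write_atomic(path, patched)
    print(f"PATCHED size: {len(patched)}")
    return 0


if __name__ == "__main__":
    # sys.exit rather than the site-injected exit() builtin, which is not
    # guaranteed to exist when the interpreter runs with -S.
    sys.exit(main())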