一段扫flash跨站的脚本 's

作者：xy7

没啥技术含量，主要是扫ExternalInterface.call

#!/usr/bin/php -q <?php  [email protected]---------- #Flash文件跨站检测脚本 2010/6/3 #检测过程如下: 提取ExternalInterface.call调用的参数，检查参数是都是直接通过loaderInfo.parameters获取 #使用方法 ./scan.php /as代码目录>log [email protected]---------*/  set_time_limit(0);  function find($directory) { $mydir=dir($directory); while($file=$mydir->read()){ if((is_dir("$directory/$file"))&&($file!=".")&&($file!="..")) { find("$directory/$file"); } else{ if($file != "." && $file != ".."&&eregi(".as",$file)){ $fd=realpath($directory."/".$file); $fp = fopen($fd, "r"); $i=0; while ($buffer = fgets($fp, 128)) { $i++; if(eregi("ExternalInterface.call",$buffer)) { echo "Line".$i.":".$buffer."/r/n/r/n"; preg_match("//((.*)/)/i", $buffer, $match); if (strstr($match[1],"(")) { preg_match("//((.*)/)/i", $match[1], $newmatch); echo "再次提取后参数包含 :".$newmatch[1]."/r/n/r/n"; $oldfp = ftell($fp); fseek($fp, 0); $p = 0; while ($newbuffer = fgets($fp, 128)) { $p++; if(eregi("loaderInfo.parameters",$newbuffer)) { //echo "Line".$p.":".$newbuffer."/r/n"; if (strstr($newbuffer,$newmatch[1])) { echo $newmatch[1]."存在漏洞/r/n/r/n";  } } } fseek($fp, $oldfp); unset($oldfp); } elseif(strstr($match[1],",")) { echo "多个参数:$match[1]/r/n"; if (strstr($match[1],"loaderInfo.parameters")){ echo $match[1]."直接调用loaderInfo.parameters传递存在漏洞/r/n/r/n"; } $var_array = array(); $var_array = explode(",",$match[1]); $oldfp = ftell($fp); fseek($fp,0); while ($newbuffer = fgets($fp, 128)) { if(eregi("loaderInfo.parameters",$newbuffer)) { //echo "Line".$p.":".$newbuffer."/r/n/r/n"; foreach ($var_array as $value) { if (strstr($newbuffer,$value)) { echo trim($value)."存在漏洞/r/n/r/n"; }  }  } } fseek($fp, $oldfp); unset($oldfp); }else { echo "唯一参数:".$match[1]."/r/n"; if (strstr($match[1],"loaderInfo.parameters")){ echo $match[1]."直接调用loaderInfo.parameters传递存在漏洞/r/n/r/n"; } $oldfp = ftell($fp); fseek($fp,0); while ($newbuffer = fgets($fp, 128)) { if(eregi("loaderInfo.parameters",$newbuffer)) { //echo "Line".$p.":".$newbuffer."/r/n/r/n"; if (strstr($newbuffer,$match[1])) { echo trim($match[1])."存在漏洞/r/n/r/n"; } } } fseek($fp, $oldfp); unset($oldfp); } } } fclose($fp);  } } } $mydir->close(); } function all() { static $count = 1; echo $count; $count++; } find($argv[1]); ?>