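/*
 * Global jQuery ajaxSend hook. For every Ajax request the page sends, the
 * request's body and query parameters are parsed and the request is replayed
 * through xhr_attack() with exactly one parameter changed per replay:
 *   1. the value with a single quote appended;
 *   2. if the original value is not numeric, the literal "not_assigned".
 *
 * Each replay is a real request to the same endpoint, so a state-changing
 * endpoint runs again for every variant. xhr_attack() sends with
 * global:false, which keeps the replays from re-entering this handler.
 *
 * All working variables are function-local. Each variant is built on its own
 * copy, because xhr_attack() logs the parameter objects from an asynchronous
 * callback and would otherwise show values written after the request left.
 */
$( document ).ajaxSend(function( event, jqxhr, arg ) {
    var new_url = arg.url;
    // Empty arrays (not objects) stand for "no parameters": xhr_attack()
    // checks get.length == 0 to decide whether to append a query string.
    var post_content = [];
    var get_content = [];
    var url_parts;

    // Only string bodies are parsed; any other arg.data leaves post_content empty.
    if (typeof arg.data == 'string') {
        post_content = $.deserialize(arg.data);
    }

    url_parts = new_url.split('?');
    if (url_parts.length > 1) {
        // Only the text between the first and second '?' is parsed as the query.
        get_content = $.deserialize(url_parts[1]);
        new_url = url_parts[0];
    }

    // Build the variants for every key of `params` and hand each one to `send`.
    function replay_variants(params, send) {
        var key, quoted, placeholder;
        for (key in params) {
            quoted = jQuery.extend({}, params);
            if (typeof quoted[key] == 'object') {
                // NOTE(review): $.deserialize stores "name[sub]" as a nested
                // object keyed by "sub", so [0] is only defined when the
                // sub-key is literally "0" - confirm this is intended.
                quoted[key] = [quoted[key][0] + "'"];
            } else {
                quoted[key] = quoted[key] + "'";
            }
            send(quoted);

            if (!is_numeric(params[key])) {
                placeholder = jQuery.extend({}, params);
                placeholder[key] = "not_assigned";
                send(placeholder);
            }
        }
    }

    // Body parameters first, query parameters second.
    replay_variants(post_content, function (changed_post) {
        xhr_attack(new_url, get_content, changed_post);
    });
    replay_variants(get_content, function (changed_get) {
        xhr_attack(new_url, changed_get, post_content);
    });
});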
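/**
 * Send one replayed request and log it when the response body contains a
 * server error marker.
 *
 * The request is always a POST, whatever method the original request used,
 * and is sent with global:false so jQuery's global Ajax handlers are not
 * triggered for it.
 *
 * Only responses that reach .done() are inspected; no .fail() handler is
 * attached. A hit shows that raw error text reached the client: it is a lead
 * to confirm on the server side, not proof of an injection flaw ("exception"
 * and " php " can also occur in ordinary page content).
 *
 * @param {string} url - Request URL without a query string.
 * @param {Object|Array} get - Query parameters; an empty array means none.
 * @param {Object|Array} post - Parameters sent as the request body.
 */
function xhr_attack(url,get,post){
    var has_query = !(typeof get.length=='number' && get.length==0);
    if(has_query){
        // $.param() percent-encodes the pairs; decoding the result again
        // puts the values into the URL as written.
        url+='?'+decodeURIComponent($.param(get));
    }
    $.ajax({
        url:url,
        data:post,
        type:'POST',
        global:false
    }).done(function(data){
        var body;
        // jQuery passes an already parsed object for JSON or XML responses;
        // calling toLowerCase() on it would throw inside this callback.
        if(typeof data!='string'){
            return;
        }
        body=data.toLowerCase();
        if( body.indexOf('sqlstate')>=0 ||
            body.indexOf('fatal error')>=0 ||
            body.indexOf('exception')>=0 ||
            body.indexOf(' php ')>=0
        ){
            console.warn(url,get,post);
            console.log(data);
        }
    });
}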
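/*
 * jQuery plugin: $.deserialize(string, options) turns a serialized
 * "a=1&b[c]=2" string into a plain object, and $.fn.deserialize(options)
 * does the same for the serialized form of the selected elements.
 *
 * options.except may hold an array of (decoded) names to leave out.
 *
 * Hardening compared with a naive parser: names come straight from request
 * data, so a bracketed name such as "__proto__[x]" or "constructor[x]" must
 * never write through to Object.prototype or to an inherited member. The
 * outer object is therefore created only as an own property, and
 * "__proto__" is rejected outright.
 */
!function ($) {
    var has_own = Object.prototype.hasOwnProperty;

    $.deserialize = function (serialized, options) {
        var pairs = serialized.split(/&/);
        var result = {};
        var idx, pair, eq, name, value, nested, outer, inner;

        options = options || {};

        for (idx = 0; idx < pairs.length; idx++) {
            pair = pairs[idx];
            // Split on the first '=' only, so values may contain '='.
            eq = pair.indexOf("=");
            name = decodeURIComponent(eq === -1 ? pair : pair.slice(0, eq));
            // A name without '=' gets an empty value instead of the string "undefined".
            value = eq === -1 ? "" : decodeURIComponent(pair.slice(eq + 1));

            if (options.except && -1 != options.except.indexOf(name)) {
                continue;
            }

            nested = name.match(/^(\w+)\[(\w+)\]$/);
            if (nested) {
                outer = nested[1];
                inner = nested[2];
                if (outer === "__proto__" || inner === "__proto__") {
                    continue;
                }
                // Own-property check: an inherited member such as
                // "constructor" or "toString" must not be reused as the container.
                if (!has_own.call(result, outer)) {
                    result[outer] = {};
                }
                // If the same name was already stored as a plain string, leave it as is.
                if (typeof result[outer] == "object") {
                    result[outer][inner] = value;
                }
            } else if (name !== "__proto__") {
                result[name] = value;
            }
        }
        return result;
    };

    $.fn.deserialize = function (options) {
        return $.deserialize($(this).serialize(), options);
    };
}(jQuery);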
/**
 * Report whether a value is a number or a numeric string.
 *
 * Numbers pass unless they are NaN. Strings pass when they are non-empty, do
 * not end in a whitespace character and coerce to a number via isNaN().
 * Every other type is rejected.
 *
 * @param {*} e - Value to classify.
 * @returns {boolean} true when `e` counts as numeric.
 */
function is_numeric(e) {
    var whitespace = " \n\r\t\f\x0b\xa0\u2000\u2001\u2002\u2003\u2004\u2005\u2006\u2007\u2008\u2009\u200a\u200b\u2028\u2029\u3000";
    var kind = typeof e;

    if (kind === "string") {
        // Trailing whitespace disqualifies a string; leading whitespace does not.
        // For "" the last-character lookup is "", which indexOf finds at 0.
        if (whitespace.indexOf(e.slice(-1)) !== -1) {
            return false;
        }
    } else if (kind !== "number") {
        return false;
    }

    if (e === "") {
        return false;
    }
    // The coercing global isNaN is used on purpose so numeric strings pass.
    return !isNaN(e);
}