..tutorial we are going to create a new app for the hacksuite. We're not going to do anything fancy here; we will make a simple app to get familiar with how to write compatible scripts for the..
THC Sscan is a very versatile tool for scanning (html) files
<?php
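/* Filters out exploits
Best-effort scrubbing of a string against some common XSS, file-inclusion
and SQL-injection patterns. This is a secondary safety net only; the primary
controls belong at the point of use:
  - HTML output: escape with htmlspecialchars() for the output context.
  - File paths:  resolve the path and check it against an allowed base
                 directory or an explicit allowlist of names.
  - SQL:         use prepared statements with bound parameters.
PARAMETERS:
$sString: text string (non-string values are returned untouched)
$bXSS: filters xss (removes HTML/PHP tags)
$bFI: filters file injections (character allowlist, then removal of "../" and "./")
$bSQL: filters sql injections (escapes SQL string metacharacters)
RETURNS:
STRING: filtered data
NOTES:
- The file filter does not reject absolute paths or a trailing ".."; callers
  that build paths from the result must still confine them to a base directory.
- When several flags are set, the filters run in the order XSS, FI, SQL.
Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 12-11-2014
*/
function ExploitFilter($sString,$bXSS=false,$bFI=false,$bSQL=false){
    // Nothing requested: hand the value back unchanged.
    if(!$bXSS && !$bFI && !$bSQL){
        return($sString);
    }
    // Only strings are filtered; other types pass through as before.
    if(!is_string($sString)){
        return($sString);
    }
    if($bXSS){
        // strip_tags() removes markup but does not make the text safe inside
        // HTML attributes or script contexts; escape again on output.
        $sString = strip_tags($sString);
    }
    if($bFI){
        // Character allowlist. The previous pattern had no delimiters, so PCRE
        // took "[" and "]" as the delimiters and the class never applied.
        // It runs first so that dropping a disallowed character (NUL byte,
        // backslash, "%", ...) cannot re-create a traversal sequence afterwards.
        $sString = preg_replace('/[^a-zA-Z0-9\-_.\/ ]/','',$sString);
        if($sString === null){
            // Fail closed if PCRE reports an error.
            $sString = '';
        }
        // A single str_replace() pass can leave a fresh "../" behind when
        // sequences are nested, so repeat until the string stops changing.
        do{
            $sBefore = $sString;
            $sString = str_replace(array("../","./"),"",$sString);
        }while($sString !== $sBefore);
    }
    if($bSQL){
        if(function_exists('mysql_real_escape_string')){
            // Legacy ext/mysql (removed in PHP 7.0); kept for old installs.
            $sString = mysql_real_escape_string($sString);
        }else{
            // ext/mysql is unavailable: escape the same characters it did so
            // the call no longer ends in a fatal error. This is not aware of
            // the connection character set and is no substitute for prepared
            // statements with bound parameters.
            $sString = strtr($sString,array(
                "\\" => "\\\\",
                "\0" => "\\0",
                "\n" => "\\n",
                "\r" => "\\r",
                "'" => "\\'",
                '"' => '\\"',
                "\x1a" => "\\Z",
            ));
        }
    }
    return($sString);
}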
?>